bun-development

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's install_command pulls the skill content from https://raw.githubusercontent.com/majiayu000/claude-skill-registry-data/main/data/antigravity-bun-development/SKILL.md which injects remote Markdown that will control agent behavior, and the docs include an explicit curl -fsSL https://bun.sh/install | bash command that fetches and executes remote code during setup, so both are runtime/installation-time external fetches that meet the flagged criteria.