typo3-rector

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs installing and running Rector (composer require ssch/typo3-rector) and references the package repo https://github.com/sabbelasichon/typo3-rector, which means remote code would be fetched at runtime and executed (vendor/bin/rector), so this external URL represents a runtime dependency that can execute code.