day4-wrap-and-analyze

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs executing the command "npx skills add ai-native-camp/camp-1 --agent claude-code --yes" at runtime, which will fetch and run remote package code (ai-native-camp/camp-1) as a required dependency, so it can execute remote code and thus is a runtime risk.