fusion-discover-skills

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's fallback discovery explicitly uses runtime reads of the catalog (e.g., the gh api graphql pattern against the equinor/fusion-skills repo — underlying endpoint https://api.github.com/graphql and repo reference equinor/fusion-skills) to fetch SKILL.md files which are injected into the agent's decision context and thus directly control prompts.