spatie-package-skeleton

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running "gh repo create ... --template spatie/package-skeleton-laravel --clone" which fetches the GitHub template (https://github.com/spatie/package-skeleton-laravel) at runtime and then runs setup steps like composer install (which pulls remote packages and can execute install scripts), so the template repo is a runtime external dependency that can execute remote code.