drupal-canvas

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running npx to fetch and execute remote packages (npx @drupal-canvas/create and npx skills add drupal-canvas/skills), which downloads and runs third-party code at runtime, so these are runtime external dependencies that execute remote code.