oracle

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running npm/npx to fetch and execute the @steipete/oracle CLI at runtime (e.g., npm install -g @steipete/oracle or npx -y @steipete/oracle — package page: https://www.npmjs.com/package/@steipete/oracle), which pulls remote code that runs locally and controls prompt/plan generation, so it is a runtime external dependency that executes remote code.