ralph

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires installing remote code that will be loaded into the agent at runtime via the command "gemini extensions install https://github.com/Q00/ouroboros" (and equivalent installs like https://github.com/supercent-io/skills-template), which fetches and installs external repository content that directly provides prompts/hooks executed by the agent, so this URL is a high-confidence runtime dependency that can control agent behavior.