gsp-scaffold

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill runs npx/npm CLI commands at runtime (e.g., "npx shadcn@latest", "npx create-next-app@latest", "npm create vite@latest", "npx @react-native-reusables/cli") which fetch and execute remote npm package code as a required part of the scaffold, so these runtime fetches constitute external code execution risk.