scaffold

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs runtime installer/executor commands (e.g., "npx create-next-app@latest", "npx shadcn@latest init -d", "npx shadcn@latest add …", "npx @react-native-reusables/cli init") which fetch packages from the npm registry and execute remote code, so they are external runtime dependencies that execute remote code.