model-enhancement-servers

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime install/run instructions that fetch and execute remote packages (e.g., the VS Code install redirect that runs npx to start the memory server: https://insiders.vscode.dev/redirect/mcp/install?name=memory&config=%7B%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22%40modelcontextprotocol%2Fserver-memory%22%5D%7D), which will download and execute third‑party code as a required runtime dependency.