code-author

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly instructs the agent at runtime to "use web_fetch" to retrieve guidance from an external page (e.g. https://google.github.io/eng-practices/review/developer/), meaning remote content could be fetched during execution and directly influence the agent's prompts/instructions.