mutation-testing

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flagged github.com/go-gremlins/gremlins/cmd/gremlins@latest because the skill explicitly instructs running "go install github.com/go-gremlins/gremlins/cmd/gremlins@latest" at runtime, which fetches and installs remote code that the skill relies on and thus executes external code.