laravel-update-with-rector

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running composer require for external packages (rector/rector and driftingly/rector-laravel — e.g. https://packagist.org/packages/rector/rector and https://packagist.org/packages/driftingly/rector-laravel) during execution, which fetches and installs remote code that the skill then runs (vendor/bin/rector), so these runtime-fetched packages directly execute external code the skill relies on.