ui-widget-developer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running the MCP Inspector via npx which fetches and executes remote code and queries the runtime MCP endpoint (e.g., https:///mcp or the example https://my-mcp-server.example.com) to retrieve tool definitions that are then copied into mcpPlugin.json and thus directly control agent tool behavior/instructions at runtime.