secondme-dev-assistant

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to fetch the remote API reference ("https://develop-docs.second.me/zh/docs/api-reference/secondme") to create/update local references used as the source-of-truth for endpoint paths and code generation, meaning external content directly controls the agent's implementation prompts and is a required dependency.