persistent-memory

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's sync instructions show runtime git commands (e.g., git clone https://ghp_xxx@github.com/user/persistent-memory.git and periodic git fetch/pull) which would fetch remote repository files into ~/.persistent-memory (INDEX.md, MEMORY.md) that the agent explicitly reads at session start and thus can directly control prompts, so the GitHub URL is a high-risk runtime dependency.