sbti-test

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The deploy workflow calls a configurable remote endpoint (via deploy/deploy_skill.js -> POST to {baseUrl}/v1/remote-executions, e.g. https://deploy.nexu.io) at runtime and uses fields from the remote response (jobId/resultUrl) to construct follow-up agent instructions and user-facing messages, so external content directly influences agent behavior.