toss-securities

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing a Homebrew tap "JungHoonGhae/tossinvest-cli" via "brew tap JungHoonGhae/tossinvest-cli" and "brew install tossctl", which fetches a remote GitHub/Homebrew repository (JungHoonGhae/tossinvest-cli) that is a required runtime dependency and installs code that will be executed locally by the skill (tossctl), so it is a runtime external dependency that can execute code.