status-page-ui

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's installation instructions call out runtime commands that fetch and apply remote scaffolding (e.g., "npx shadcn@latest add https://openstatus.dev/r/status-complete.json" and the related https://openstatus.dev/r/status-essentials.json, https://openstatus.dev/r/status-banner.json, https://openstatus.dev/r/status-component.json, https://openstatus.dev/r/status-bar.json, https://openstatus.dev/r/status-feed.json), which are fetched at install/run time and used to drive code generation/scaffolding—constituting remote content that controls what code/files are created and is executed by the installer, so this is a runtime external dependency worth flagging.