develop-secure-contracts

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning/browsing the OpenZeppelin repository at runtime (e.g. https://github.com/OpenZeppelin/openzeppelin-contracts), and reading that fetched source is used to determine integration requirements and directly drive the agent's generated code, so this external URL is a runtime dependency that controls agent output.