peach-erd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs runtime installation/execution of remote packages—e.g., "npm install -g claude-mermaid" (fetches/installs claude-mermaid from the npm registry) and "npx @mermaid-js/mermaid-cli@latest" (which fetches and runs mermaid-cli)—which download and execute external code required for the skill to operate.