install-putior

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues runtime install commands that fetch and execute remote R package code (e.g., remotes::install_github("pjt222/putior" -> https://github.com/pjt222/putior and remotes::install_github("posit-dev/mcptools" -> https://github.com/posit-dev/mcptools), which download and run third‑party code during setup), so these URLs are runtime dependencies that execute remote code.