chinese-patent

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill will automatically install and run the MCP server at runtime using the npx command "npx --yes @next-ai-drawio/mcp-server@0.1.15" (related repo: https://github.com/DayuanJiang/next-ai-draw-io), which fetches and executes remote code that the skill relies on to operate, so this is a runtime external dependency that executes remote code.