backtester

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs the agent to call the publisher API at runtime (notably GET https://api.serendb.com/publishers/plausibleai/api/backtests/catalog) and to "treat the catalog as authoritative" for the DSL used to compose requests, so the fetched content directly controls how the agent builds its prompts/requests and is a required runtime dependency.