atlassian-rovo

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running npx -y mcp-remote@latest "https://mcp.atlassian.com/v1/mcp" at runtime, which causes execution of remotely fetched code (mcp-remote from npm) and connects to the external MCP endpoint https://mcp.atlassian.com/v1/mcp that the skill requires to proxy tools and control agent behavior.