shopify-pos-ui

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the mandatory runtime script scripts/search_docs.mjs performs a POST fetch to https://shopify.dev/assistant/search to retrieve documentation/search results that are used at runtime to drive the assistant's code-generation/validation logic (i.e., external content directly influences prompts/output).