electron-development

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill configures electron-updater to publish/check GitHub releases (publish: provider: github, owner: your-org, repo: your-repo — e.g. https://github.com/your-org/your-repo/releases) and the runtime autoUpdater.checkForUpdates()/downloadUpdate() flow will fetch and install remote release artifacts (executable code), which means remote content downloaded at runtime can execute code if compromised.