javascriptkit

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included install script (scripts/install-sdk.py) fetches metadata from https://www.swift.org/api/v1/install/releases.json and then downloads and installs SDK artifacts from URLs like https://download.swift.org/..._wasm.artifactbundle.tar.gz at runtime, meaning it fetches and executes remote code that the skill relies on.