umami

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime fetch-and-execute steps that pull and run remote code (git clone https://github.com/umami-software/umami.git followed by docker compose up -d) and instruct adding a remote tracking script that executes in users' browsers (https://analytics.mysite.com/script.js), both of which are external runtime dependencies that execute remote code.