warp-grep

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script invokes a remote package via "bunx @morphllm/morphmcp@latest" (through mcporter), which fetches and executes remote code at runtime and implements the warpgrep agent that controls prompts/search behavior.