github-vercel-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs npx/npm commands at runtime that fetch and execute remote packages — notably npx skills add treehausdev/skills (and npx create-next-app@latest, npm install -g vercel), so external code from the treehausdev/skills package (and npm registry) would be downloaded and executed and could directly control agent behavior.