truefoundry-logs

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly states that remote OpenAPI specs are fetched at runtime and converted into MCP tools that control agent capabilities (e.g., "https://api.weather.example.com/openapi.json"), so fetching that URL during runtime can directly influence agent behavior and thus poses a high risk.