courier-notification-skills

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch external docs (https://www.courier.com/docs/llms.txt and then the linked pages) to resolve API signatures and drive code/prompt generation, so fetched remote content can directly control agent instructions.