marketplace-scaffold

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). This skill instructs running npx shadcn@latest add with URLs such as https://marketplace-sdk.sitecorecloud.io/r/app-client.json (and the related /xmc.json, /ai.json and /blok-theme.json). The shadcn CLI fetches these at runtime and uses them to control scaffolding/generation behavior, so external template content directly influences the setup and code that are executed. They are therefore runtime external dependencies that affect code generation.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 06:45 PM