dogfooding
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The repository's CI/workflow and local setup explicitly install and run the external skills CLI package (@vercel/skills, referenced by https://github.com/vercel-labs/skills) via npm install/npx and GitHub Actions. The package fetches and executes remote code at runtime and is relied on for validation, so it meets the criteria for a runtime-executed external dependency.
Audit Metadata