kani-proof

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill documentation instructs runtime installation/execution of external code (e.g., npm install / npx for @workersio/klint and adding a git dependency git@github.com:otter-sec/verify.git), which would fetch and execute remote code during the linter/verifier agent runs, so git@github.com:otter-sec/verify.git is flagged as a runtime external dependency that executes remote code.