xmtp-docs

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill performs runtime WebFetch calls to https://docs.xmtp.org/llms.txt and subsequent https://docs.xmtp.org/[path] pages and injects the fetched documentation into prompts (e.g., "Extract [specific feature] with code examples"), so the external docs directly control the agent's instructions and are a required runtime dependency.