china-holidays

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime script (scripts/fetch_holidays.py) makes live requests to the government search API at https://sousuo.www.gov.cn/search-gov/data (and then fetches the returned gov.cn notice URLs such as https://www.gov.cn/...) and injects that fetched notice text into the agent's output generation, so external content fetched at runtime directly controls the agent's responses.