markdown2wechat

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs npm install at runtime to fetch and execute external packages (npm install marked@4 and npm install juice@8 from the npm registry https://registry.npmjs.org/), so remote code is fetched and executed as a required dependency.