beautiful-mermaid

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The render.ts script's ensurePackage() will, at runtime, install and import the npm package "beautiful-mermaid" (fetched from the npm registry, e.g. https://registry.npmjs.org/beautiful-mermaid), which causes remote code to be downloaded and executed and is required for rendering—hence a runtime external dependency that executes remote code.