pages

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill loads and executes remote code at runtime — e.g. the importmap pulls webjsx modules from CDN (https://cdn.jsdelivr.net/npm/webjsx@0.0.42/dist/index.js and https://cdn.jsdelivr.net/npm/webjsx@0.0.42/dist/jsx-runtime.js) which are executed in-browser, and the CI workflow runs "npx flatspace" (package page: https://npmjs.com/package/flatspace) which fetches and executes remote npm code during the build.