plannotator-visual-explainer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime fetching/execution of third‑party code — for example the PR path embeds and imports the external module https://cdn.jsdelivr.net/npm/@pierre/diffs@1.1.21/+esm (which will be fetched and executed when the generated HTML is rendered) and the visual‑explainer path may run npx skills add nicobailon/visual-explainer -g --yes to install/execute the nicobailon/visual-explainer skill, so these are runtime external dependencies that execute remote code.