design-artifact
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's starter-components explicitly requires loading CDN scripts that will be fetched and executed at artifact runtime (e.g., https://unpkg.com/react@18.3.1/umd/react.development.js, https://unpkg.com/react-dom@18.3.1/umd/react-dom.development.js, https://unpkg.com/@babel/standalone@7.29.0/babel.min.js), which execute remote code and are required for the JSX templates to work.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata