skill-creator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The eval viewer HTML included in the skill will load and execute remote JavaScript at runtime from https://cdn.sheetjs.com/xlsx-0.20.3/package/dist/xlsx.full.min.js (and also fetch Google Fonts), and the SheetJS script is required for XLSX rendering in the viewer so it executes external code the skill depends on.