mermaid

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's Verification step runs npx to fetch and execute the mermaid CLI at runtime (npx --yes -p @mermaid-js/mermaid-cli mmdc ...), which pulls remote code from the npm registry (e.g. https://www.npmjs.com/package/@mermaid-js/mermaid-cli) and is used as a required dependency to render/verify diagrams.