The Agent Skills Directory

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The eval viewer's HTML (eval-viewer/viewer.html) includes and will load the external script https://cdn.sheetjs.com/xlsx-0.20.3/package/dist/xlsx.full.min.js at runtime (when generate_review.py opens the viewer), which causes remote code to execute in the user's browser and is relied upon for spreadsheet rendering—constituting a runtime external dependency that executes remote code.

skill-creator