markmap-analogy-mindmap

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The render script calls npx at runtime (subprocess.run([..., "npx", "--yes", "markmap-cli", ...])) which will fetch and execute the remote npm package (e.g. https://registry.npmjs.org/markmap-cli) to render HTML, so a runtime external fetch that executes code is present.