structured-artifact
Warn
Audited by Snyk on Jul 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). Yes — the skill loads and depends at runtime on external CDN scripts that execute remote JavaScript (e.g., https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.min.js and https://unpkg.com/react@18/umd/react.production.min.js among other cdn.jsdelivr.net / unpkg / githubusercontent CDN URLs), so those URLs fetch and run code the artifact requires.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata