design-notebook

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The build script template/build-artifact.js invokes "npx esbuild" (which fetches the esbuild package from the npm registry, e.g. https://registry.npmjs.org) at build/runtime to bundle and execute code, and the skill relies on this step as a required dependency—so it will fetch and run remote code during runtime.