thatopen-core-architecture

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires calling fragments.init('/workers/fragments-worker.js') at runtime (and similar runtime WASM paths) which fetches and executes a web worker/WASM payload the viewer depends on, so the '/workers/fragments-worker.js' worker URL is a runtime-loaded external resource that executes remote code.