steedos-webapps

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's client loader dynamically fetches and executes the compiled IIFE script at runtime via loadJs('/my-widget/amis-renderer.js'), which runs remote JavaScript that the skill requires to register the amis component, so this runtime-loaded URL can execute code.