visualize

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's browser-run templates and wrappers explicitly import and execute remote JavaScript from CDNs at runtime (e.g., https://cdn.jsdelivr.net/npm/d3@7/+esm, https://cdn.jsdelivr.net/npm/vega@latest / https://cdn.jsdelivr.net/npm/vega-lite@latest / https://cdn.jsdelivr.net/npm/vega-embed@latest, and https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs), which are fetched when the generated HTML is opened during the mandatory Phase 4 verification and are required for the visualizations to run, so these external URLs cause remote code execution the skill depends on.