tencentmap-jsapi-gl-skill

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's quickstart and examples load remote JavaScript from https://map.qq.com/api/gljs?v=... (e.g., https://map.qq.com/api/gljs?v=3&key={TMAP_JSAPI_KEY}), which is fetched at runtime, executes remote code in the client, and is required for the skill's functionality, so it constitutes a runtime external dependency that directly controls agent behavior.