pretext

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill imports and executes remote ESM at runtime (e.g. "https://esm.sh/@chenglou/pretext@0.0.6" — also other esm.sh imports like gsap/lil-gui) and loads fonts from remote URLs (e.g. "https://esm.sh/@nous-research/ui@0.4.0/dist/fonts/Mondwest-Regular.woff2" and "https://cdn.jsdelivr.net/..."), which are fetched and executed/used at runtime and are required dependencies for the demos, so they constitute runtime external code execution risk.