drawio-diagram

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes "npx -y @drawio/mcp" at runtime (i.e. fetching & executing the npm package @drawio/mcp from the npm registry such as https://registry.npmjs.org/@drawio/mcp), which pulls and runs remote code that the Browser Mode relies on.