lightweight-3d-effects

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime loads that fetch and execute remote JavaScript (required dependencies) from CDN URLs such as https://cdn.jsdelivr.net/npm/vanta@0.5.24/dist/vanta.waves.min.js, https://cdnjs.cloudflare.com/ajax/libs/three.js/r134/three.min.js, https://unpkg.com/zdog@1/dist/zdog.dist.min.js, and https://cdnjs.cloudflare.com/ajax/libs/vanilla-tilt/1.8.1/vanilla-tilt.min.js, which are external code executed at runtime and therefore represent a supply-chain/runtime execution risk.