app-dev

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's HTML templates include Crayons CDN script tags (https://cdn.jsdelivr.net/npm/@freshworks/crayons@v4/dist/crayons/crayons.esm.js and https://cdn.jsdelivr.net/npm/@freshworks/crayons@v4/dist/crayons/crayons.js), which are fetched at runtime, execute remote JavaScript in the app frontend, and are required by the skill, so they meet the criteria for an external dependency that executes remote code.