perf-audit

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill runs npx to fetch and execute third-party packages at runtime (e.g., vite-bundle-visualizer and webpack-bundle-analyzer fetched from the npm registry https://registry.npmjs.org), so external code is executed and the audit workflow depends on those remote tools.