generative-ui

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill loads and executes third-party scripts at runtime (e.g., Chart.js from https://cdnjs.cloudflare.com/ajax/libs/Chart.js/4.4.1/chart.umd.js and mermaid from https://esm.sh/mermaid@11/dist/mermaid.esm.min.mjs), which run remote code in the widget context and are required for chart/ERD rendering, so they present runtime-executing external dependencies.