nsfc-schematic

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README and scripts show a runtime dependency on the Gemini REST endpoint configured via GEMINI_BASE_URL (e.g. https://generativelanguage.googleapis.com/v1beta and the example proxy https://xingjiabiapi.org/v1), which the Nano Banana/Gemini renderer calls at runtime to run the remote model and produce images (i.e. executes remote code) and is required for PNG-only rendering—thus meeting the criteria for a runtime external dependency.