gsap-master
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The included starter script loads and executes remote JavaScript at runtime from https://cdn.jsdelivr.net/npm/gsap@3/dist/gsap.min.js and https://cdn.jsdelivr.net/npm/gsap@3/dist/ScrollTrigger.min.js, which are required dependencies for the page and thus execute remote code when the skill is run.
Audit Metadata