drawio-export-tools

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs users to run external code at runtime (e.g., GitHub Actions using the action "uses: rlespinasse/drawio-export-action@v2" which maps to https://github.com/rlespinasse/drawio-export-action, and Docker images like rlespinasse/drawio-export and rlespinasse/drawio-desktop-headless) — these are fetched and executed during runtime, so they are runtime external dependencies that execute remote code.