arcgis-widgets-ui
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's HTML includes runtime script imports that fetch and execute remote JavaScript (required dependencies) from https://js.arcgis.com/calcite-components/3.3.3/calcite.esm.js and https://js.arcgis.com/4.34/ (and https://js.arcgis.com/4.34/map-components/), so external content is fetched at runtime and executes code the skill relies on.
Audit Metadata