sap-sac-custom-widget

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's widget code explicitly loads and executes external JavaScript at runtime (for example: https://cdn.jsdelivr.net/npm/echarts@5/dist/echarts.min.js is assigned to script.src and appended to document.head), so the fetched content executes remote code that the ECharts-based widgets depend on to function.