astro-forms

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes and requires the Cloudflare Turnstile client script loaded at runtime (https://challenges.cloudflare.com/turnstile/v0/api.js), which fetches and executes remote JavaScript in users' browsers as part of the required spam_protection flow, so it is an external runtime dependency that executes remote code.