mermaid-diagram

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill executes remote code at runtime via the npx fallback "npx -y @mermaid-js/mermaid-cli@latest" (which pulls from the npm registry, e.g. https://registry.npmjs.org/@mermaid-js/mermaid-cli), so it fetches and runs external code as a required part of the verification step.