canvas-a2ui

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill deliberately exposes powerful primitives that can be abused for remote code execution and data exfiltration: it accepts and evals arbitrary JS in the browser page, reads arbitrary local files into data-URLs, loads remote scripts from a CDN, and can expose canvases via a server — together these provide clear, intentional capabilities that an attacker or untrusted agent could use as a backdoor or exfiltration channel.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill injects and executes Chart.js at runtime from the external URL https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js via the headless page HTML (page.setContent), meaning remote code is fetched and executed and is required for chart rendering.
Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 1, 2026, 05:11 AM