handtracking

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill fetches and executes required remote code at runtime (browser-side JS via https://cdn.jsdelivr.net/npm/handtrackjs/dist/handtrack.min.js and repository/model files from https://github.com/victordibia/handtracking.git which are cloned/auto-downloaded and run), so these URLs introduce remote-execution dependencies.