JLC EDA Drawing

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill bundle includes a bridge server (`scripts/bridge-server.mjs`) that enables arbitrary JavaScript execution within a running EasyEDA client. This server is unauthenticated and uses permissive CORS headers ('*'), which creates a significant risk of unauthorized remote control or cross-site attacks against the EDA software. Additionally, `references/bridge-api.md` provides instructions to run this server in a hidden window on Windows. While these capabilities are aligned with the stated purpose of automating circuit design, the lack of security controls on the execution gateway constitutes a high-risk behavior.