Context-Inappropriate Capability
Low
- Confidence
- 88% confidence
- Finding
- The file imports GSAP directly from a third-party CDN at runtime, which creates an external supply-chain and availability dependency. If the CDN content is tampered with, unavailable, or blocked, the example could execute unintended code or fail unpredictably, which is unnecessary risk for a local example asset.
