Context-Inappropriate Capability
Medium
- Confidence
- 94% confidence
- Finding
- The file loads executable JavaScript from a third-party CDN at runtime, which creates a supply-chain and trust-boundary risk: if the CDN, package, or delivery path is compromised, arbitrary code will execute in the rendering environment. In this skill context, the template is otherwise a local preset for creative/design handling, so reaching out to the network for code is unnecessary and increases exposure rather than being required for core functionality.
