Just ignore //assets.squarespace.com/@sqs/polyfiller/1.6/legacy.js and //assets.squarespace.com/@sqs/polyfiller/1.6/modern.js. I initially thought that since it is the only polyfill thing in your website, it might be the cause. But since the customer support has confirmed that they are hosted locally, we can be somewhat confident in their safety.
In the URL https://www.blacksford.com/yellowstone-rv-rentals I found an url not hosted locally https://cdn.polyfill.io/ . This URL has been sold to a shady Chinese company https://github.com/formatjs/formatjs/issues/4363 , and Cloudflare has issued a warning https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk , though only now does the domain starts to spread malicious code. So you should consider removing it.