github-actions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill embeds GitHub Action "uses" references that are fetched and executed at workflow runtime (for example: superfly/flyctl-actions/setup-flyctl@master), so external repository code will be pulled and run as a required dependency.