vulnerability-scanning

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included GitHub Actions workflow pulls and executes external action repositories at runtime (e.g., uses: aquasecurity/trivy-action@master — https://github.com/aquasecurity/trivy-action and uses: snyk/actions/node@master — https://github.com/snyk/actions-node), which are fetched and run by the CI and are required by the job, so they constitute runtime external code execution.