docker-rocker

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Dockerfile templates explicitly COPY from and invoke the remote image ghcr.io/astral-sh/uv:latest (COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv and subsequent uv sync runs), so the skill fetches that external image at build/runtime and executes its code as a required dependency.