writing-github-actions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's example workflows and base_outputs include runtime "uses" references that fetch and execute code from external GitHub action repositories (e.g. https://github.com/actions/checkout), which are retrieved and run at workflow runtime and the skill requires such actions (e.g. must_contain includes uses: actions/checkout@), creating a remote code execution dependency.