opentofu-migration

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime install/run commands that fetch and execute remote code—e.g., curl --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh (then ./install-opentofu.sh) and pulling/ running ghcr.io/opentofu/opentofu images—which are required to provide the OpenTofu CLI and therefore execute remote code during runtime.