platform-engineering

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Backstage app-config lists external catalog/template URLs (e.g., https://github.com/myorg/backstage-templates/blob/main/all-templates.yaml and https://github.com/myorg/software-catalog/blob/main/catalog-info.yaml) that Backstage fetches at runtime to load templates and catalog entries which directly define scaffolder prompts/steps and actions (i.e., instructions executed by the platform), so they are runtime dependencies that can control instructions.