capacitor-ci-cd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The CI workflows invoke third-party code at runtime (e.g., uses: actions/checkout@v4 fetched from https://github.com/actions/checkout and npx @capgo/cli which pulls and runs code from the npm registry), so remote content is fetched and executed and the skill depends on those external packages to run.