github-workflows

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow templates include runtime "uses:" actions that fetch and execute third-party GitHub Action code (for example uses: actions/checkout@v5 -> https://github.com/actions/checkout), so the skill relies on externally fetched repositories that run remote code during CI.