gcp-gke-workload-identity

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's deployment manifest references container images that will be fetched and executed at runtime (e.g., gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.11.4 and europe-west2-docker.pkg.dev/.../supplier-charges-hub:latest), meaning remote code is pulled and relied on as a required runtime dependency.