changelog-automation

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow includes runtime-executed external actions and packages (e.g., uses: actions/checkout@v4 → https://github.com/actions/checkout) and runs npx/pip installs like npx semantic-release / pip install commitizen which will fetch and execute remote code, so these external repositories/packages are required and execute at runtime.