aws-cloudformation-security

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains CloudFormation Stack resources and scripts that fetch templates at runtime from S3 (e.g., https://${BucketName}.s3.amazonaws.com/production-stack.yaml and https://my-bucket.s3.amazonaws.com/updated-template.yaml), which CloudFormation/aws-cli will download during execution and thus can directly control the infrastructure/actions executed by the service.