gke-workload-security

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workload-identity-pod manifest will cause Kubernetes to pull and run the remote container image at gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:0d19f566f418b8aa0109eba1d04db88e36e88d09559267b4559982d07c685a0b at runtime, which executes remote code fetched from that URL.