bio-workflow-management-cwl-workflows

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CWL uses DockerRequirement dockerPulls that are fetched at runtime and will execute remote code (e.g., biocontainers/bwa:v0.7.17 and quay.io/biocontainers/salmon:1.10.0--h7e5ed60_0), so these external container images are required runtime dependencies that can run arbitrary code.