backend-python-cicd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires runtime fetching and execution from external URLs—e.g. pip installs via https://pypi.tuna.tsinghua.edu.cn/simple, git operations against git.tac.hillstonenet.com, and base/image registries docker.dic.hillstonenet.com / registry.dic.hillstonenet.com—which will be fetched during CI/Docker build and thus pull and execute remote code/images as required dependencies.