infisical-user-setup-guide

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The guide contains runtime commands that fetch and execute remote install scripts (e.g., curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | bash and the related setup.rpm.sh / setup.alpine.sh) and it recommends a GitHub Action that the runner will fetch/execute (Infisical/secrets-action@v1.0.9 → github.com/Infisical/secrets-action), so these external URLs are fetched at runtime and execute remote code required by the workflows.