gha-pipelines

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflows invoke external GitHub Actions (e.g., actions/checkout@v6, jdx/mise-action@v3, actions/github-script@v7, fluxcd/flux2/action@v2, docker/login-action@v3) which are fetched and executed at workflow runtime and thus constitute runtime external code dependencies.