vercel-github-actions-deploy

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow includes runtime steps that fetch and execute external code (e.g., GitHub Actions referenced via "uses" such as actions/checkout@v4 which resolves to https://github.com/actions/checkout and third-party actions like oven-sh/setup-bun), and it also installs/runs the Vercel CLI via npm at runtime, so external URLs are used to execute remote code during the skill's operation.