dotnet-codeql

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The provided CodeQL GitHub Actions workflow fetches and executes external action code at runtime (e.g., github/codeql-action/init@v3 — https://github.com/github/codeql-action which is fetched and run by the workflow), so the skill depends on remote repositories that will execute code in CI.