license-check

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes runtime installation and execution of external code (e.g., GitHub Actions referenced in the generated workflow like actions/checkout@v4 — https://github.com/actions/checkout — and runtime installs such as npm install -g license-checker and pip install pip-licenses), which fetches and executes remote code that the skill relies on.