github-actions-cicd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflows use third‑party GitHub Actions that are fetched and executed at runtime (for example: https://github.com/aquasecurity/trivy-action@master and https://github.com/docker/build-push-action@v5), which means remote repository code is run as a required dependency for the skill and therefore poses an execution risk.