entra-agent-id

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime patterns rely on pulling and running the Microsoft Entra SDK sidecar container image (mcr.microsoft.com/entra-sdk/auth-sidecar:1.0.0), which fetches and executes remote code at runtime (container image) and is used as a required token-service dependency (e.g., SIDECAR_URL examples), so it meets the criteria for a risky external runtime dependency.