quality-gates-enforcer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflows reference third‑party GitHub Actions that are fetched and executed at CI runtime (e.g., snyk/actions used as snyk/actions/node@master — https://github.com/snyk/actions, romeovs/lcov-reporter-action — https://github.com/romeovs/lcov-reporter-action, andresz1/size-limit-action — https://github.com/andresz1/size-limit-action, and actions/github-script — https://github.com/actions/github-script), which run remote code during the skill's execution and are required by the workflows.