implementing-policy-as-code-with-open-policy-agent
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime installation steps that download and execute remote artifacts which the agent relies on—specifically the conftest tarball (https://github.com/open-policy-agent/conftest/releases/download/v0.50.0/conftest_0.50.0_Linux_x86_64.tar.gz), the OPA binary curl URL (https://openpolicyagent.org/downloads/latest/opa_linux_amd64_static), and the Gatekeeper Helm chart repo (https://open-policy-agent.github.io/gatekeeper/charts) which are fetched at runtime and result in executing remote code or deploying code the skill depends on.