devops-deployer

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The GitHub Actions referenced in the workflow (e.g., actions/checkout@v4, aquasecurity/trivy-action@master, hashicorp/vault-action@v2, docker/build-push-action@v5) are fetched and executed at workflow runtime from external repositories, meaning remote code is pulled in and run as a required part of the skill.