rhino-sdk

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill constructs and uses a container image URI at runtime via CodeObjectCreateInput (config["container_image_uri"] = f"{ecr_base_uri}/{my_workgroup_ecr_repo}:{my_image_name}", where ecr_base_uri = rh.lib.constants.ECRService.PROD_URL), which will fetch and run a remote container image during code-object execution and therefore executes remote code as a required runtime dependency.