concourse-ci

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill defines git resources that are fetched at runtime (e.g. https://github.com/org/repo.git) and those checked-out files are used as pipeline configs and task scripts (set_pipeline, task:file, tasks that run repo scripts), so remote repository content directly controls pipeline instructions and can be executed during runs.