ci-cd-architecture

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes GitHub Actions "uses:" references that are fetched and executed at workflow runtime (for example: snyk/actions/docker@master and step-security/harden-runner@v2), so external repository code is executed as a required dependency and can directly affect pipeline behavior.