githubbing

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The install script is run at runtime and fetches and registers https://cli.github.com/packages/githubcli-archive-keyring.gpg and adds the apt repository https://cli.github.com/packages such that apt install gh will download and execute remote package code, so these URLs are runtime dependencies that lead to executing remote code.