security-testing

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's CI workflow invokes external GitHub Actions and container images (e.g., uses: zaproxy/action-baseline@v0.14.0 and ghcr.io/zaproxy/zaproxy:stable) which are fetched and executed at runtime in CI, so they constitute remote code execution dependencies required by the skill.