setup-github-actions-ci

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow references GitHub Action repos that are fetched and executed at runtime (for example, r-lib/actions/setup-r@v2 and actions/checkout@v4), so the skill relies on external repository code that will run in the workflow runner.