ci-cd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflows use remote GitHub Actions that are fetched and executed at runtime (e.g., actions/checkout@v4, actions/setup-node@v4, cloudflare/pages-action@v1, appleboy/ssh-action@v1.0.0), so external repositories are run as code during skill execution.