github-actions-templates

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow templates include multiple GitHub Actions referenced with "uses:" (for example aquasecurity/trivy-action@master and snyk/actions/node@master, as well as docker/build-push-action@v5 and many actions/*@vX entries) which are fetched from external repositories and executed at workflow runtime, so they are runtime external dependencies that execute remote code.