devops-cicd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow uses external GitHub Actions that are fetched and executed at runtime (e.g., snyk/actions/node@master, trufflesecurity/trufflehog@main, docker/build-push-action@v5, slackapi/slack-github-action@v1), so remote repository code is run as a required dependency of the pipeline.