warp

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The "New Dev Environment Setup" workflow runs runtime git clones (git@github.com:{{org}}/api.git, git@github.com:{{org}}/frontend.git, git@github.com:{{org}}/infrastructure.git) and then executes npm scripts and docker-compose from those repos, meaning fetched remote code will be executed and is a required dependency.