semantic-release

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes a runtime build example that runs "curl --proto =https --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y", which fetches and executes remote code during the release/build process (used for manylinux wheel builds), meeting the criteria for a runtime-executed external script dependency.