truefoundry-ai-monitoring

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). References in the manifest/schema explicitly state that hosted A2A agent cards and remote OpenAPI specs are fetched at runtime and can alter agent behavior (e.g., the examples "https://research-agent.example.com/.well-known/agent.json" and "https://api.weather.example.com/openapi.json" are runtime-fetched URLs that can control prompts/tooling), so these are high-confidence risky external dependencies.