truefoundry-gitops

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The manifest explicitly documents a hosted-a2a agent_card_url (e.g. https://research-agent.example.com/.well-known/agent.json) and warns that these agent_card URLs are fetched at runtime and can influence agent behavior (i.e., control prompts), so this is a runtime external dependency that can directly control prompts.