dotnet-cli-release-pipeline

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflow uses external GitHub Actions that are fetched and executed at runtime (e.g., https://github.com/softprops/action-gh-release, https://github.com/peter-evans/create-pull-request, https://github.com/vedantmgoyal9/winget-releaser and other actions/* repos referenced via "uses:"), which are remote code dependencies executed as part of the skill run.