dotnet-gha-patterns

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflows call external GitHub Actions that are fetched and executed at runtime (e.g., actions/setup-dotnet@v4 -> https://github.com/actions/setup-dotnet, actions/cache@v4 -> https://github.com/actions/cache, actions/checkout@v4 -> https://github.com/actions/checkout, actions/upload-artifact@v4 -> https://github.com/actions/upload-artifact), which run remote code and are required for the skill to function.