pulumi-go

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a GitHub Actions example that pulls and runs remote actions (actions/checkout@v4 and pulumi/auth-actions@v1 — i.e. github.com/actions/checkout and github.com/pulumi/auth-actions), which are fetched and executed at CI/runtime and therefore constitute runtime external code execution.