but

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README lists a required install step that fetches and executes remote code at install time (curl -sSL https://gitbutler.com/install.sh | sh), which is a runtime installation dependency that executes remote code and thus poses a high-risk external dependency.