gke-app-onboarding

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Kubernetes manifest references an external container image (image: gcr.io/my-project/node-app@sha256:0123456789abcdef...) which will be pulled and executed at deployment/runtime, so the skill relies on remote image content that executes code (also note builder/base images like gcr.io/buildpacks/builder:latest, gcr.io/distroless/static:nonroot, and node:18-slim are pulled during build/deploy).