vm-docker

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the skill performs runtime pulls of container images (e.g., crane pull booklore/booklore:latest, ghcr.io/gethomepage/homepage:latest, quay.io/hedgedoc/hedgedoc:1.10.2) which fetch external code that will be loaded and executed as containers, so they are runtime dependencies that execute remote code.