emdash-github-actions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The workflows fetch and execute remote code at runtime (installing packages from the npm registry via registry-url https://registry.npmjs.org and running actions like actions/checkout@v5/actions/setup-node@v5), so these external endpoints/repos are required runtime dependencies that execute remote code.