Apptrust Evidence Policies

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime API calls to the user's JFrog instance (e.g., ${JFROG_URL}/unifiedpolicy/api/v1/templates, ${JFROG_URL}/unifiedpolicy/api/v1/rules, and ${JFROG_URL}/unifiedpolicy/api/v1/templates/${TEMPLATE_ID}), fetching template/rule JSON (including rego policies) that the agent inspects and uses to decide whether to create or modify policies, so remote content can directly influence the agent's behavior.