progressive-delivery

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit install-time commands that fetch and execute remote content — notably the Kargo quickstart curl that pipes to sh (curl -L https://raw.githubusercontent.com/akuity/kargo/main/hack/quickstart/install.sh | sh) and Argo Rollouts install/download URLs (e.g. https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml and the kubectl-argo-rollouts download URL) which download and run remote code/YAML as part of setup.