implementing-secret-scanning-with-gitleaks

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains CI/installation steps that download and execute a remote gitleaks binary (e.g., wget https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz and the pre-commit repo https://github.com/gitleaks/gitleaks), which are runtime fetches of external code the skill depends on and will execute in CI or developer environments.