create-agentic-workflow

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The generated GitHub Actions workflow will install and run the Copilot CLI via "npm i -g @github/copilot" (npm registry: https://registry.npmjs.org/@github/copilot) and also uses the marketplace action actions/checkout@v4 (https://github.com/actions/checkout), both of which are fetched at workflow runtime and the Copilot CLI in particular executes remote code required for the agent to run.