observable-framework-deploying

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow invokes external GitHub Actions (for example "uses: actions/checkout@v4" — https://github.com/actions/checkout) which are fetched and executed at runtime in CI, so they execute remote code and are required by the deploy job.