ci-pipeline-patterns

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow references GitHub Actions that are fetched and run at workflow runtime—e.g., actions/checkout@v4 (https://github.com/actions/checkout), actions/setup-node@v4 (https://github.com/actions/setup-node), trufflesecurity/trufflehog@main (https://github.com/trufflesecurity/trufflehog), github/codeql-action/analyze@v3 (https://github.com/github/codeql-action), docker/build-push-action@v5 (https://github.com/docker/build-push-action), and similar repos—so remote repository code is downloaded and executed as required runtime dependencies.