cli-design

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running compose-agentsmd which fetches rules from the external repository github:metyatech/agent-rules@HEAD at runtime, and those fetched rules directly control agent prompts/behavior (AGENTS.md), so this is a runtime external dependency that governs instructions.