agent-v3-queen-coordinator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre/post-execution hooks invoke "npx agentic-flow@alpha" (i.e., fetching the agentic-flow package from the npm registry at runtime), which will download and execute remote code during runtime, so this external dependency can directly execute code and influence agent behavior.