manager

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates fetching and running external repos at runtime—compose-agentsmd pulls policy/rules from the git source "github:metyatech/agent-rules@HEAD" (via agent-ruleset.json) and the README shows npx installing/executing "git+https://github.com/metyatech/agents-mcp.git#main" to enable agents-mcp—both of which are required for operation and directly control agent prompts/behavior or execute remote code.