subagent-driven-development

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill example explicitly fetches a plan at runtime using "gh api repos/primatrix/wiki/contents/docs/rfc/NNNN-feature.md" (GitHub API), and then injects that fetched RFC text into subagent prompts to drive implementation, so the runtime-fetched content directly controls agent instructions and is a required dependency.