Subagent Development

The skill's core logic, as defined in SKILL.md and the prompt templates, appears benign, focusing on structured AI agent-driven software development and review processes. However, the `README.md` file contains an installation instruction (`npx add https://github.com/wpank/ai/tree/main/skills/meta/subagent-development`) that fetches and executes code directly from a remote GitHub URL. While a common installation pattern, this presents a significant supply chain vulnerability, as a compromise of the remote repository could lead to arbitrary code execution on the user's system during installation. This constitutes a risky capability without clear malicious intent within the skill's operational code itself, thus classifying it as suspicious.