I wanted to say: don't use the built-in network adapter and everything will be OK, but any modern NIC or WiFi already contains a SoC with CPU and RTOS, so keep calm and clean.
Actually, you should try to use the things you listed in a real corporate environment, to find that they are so hard to use, buggy and undocumented that it was quicker and easier to send some technicians to make the needed changes on the PCs instead of spending hours trying to make this crap work as it should. So if qualified system engineers find it hard to use such tech in practice (in a controlled environment!), malevolent use in the wild Internet should be overcomplicated as well.
Let's suppose for a moment that I am ok with RTOS.
Why would not using the internal NIC matter at all? AMT is supposed to control the entire machine... so once compromised it could surely also control an extension card NIC?!
The on-board NIC is often based on chipset-integrated MAC functions (i.e. it is just a PHY chip), and the chipset MAC has a dedicated connection to ME/vPro, making traffic interception and insertion work for management functions. A PCI-connected NIC (with its own MAC) is not so easy for traffic intervention: there is a need for special protocol support (so Intel-based NICs are a bad choice for security paranoiacs), or OS-level NDIS filter insertion (included in the ME driver stack), or direct PCIe memory area manipulation (needs knowledge of the exact NIC controller details).
To exploit AMT/ME, a villain should first take control of your home router, to make it possible to send magic packets and custom DHCP options and to set up special traffic redirection to his own server with a PXE boot feature, an HTTPS responder with a valid TLS certificate, and Intel toolkits installed. And the PC can stall at any moment due to the usually bad firmware and NIC MB initialization routines in home desktop market MBs' BIOS. Having control over the user's router by itself makes much simpler attacks possible, with no need for complex server setup and dealing with bad OEM integration.