workspace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The devcontainer's postCreateCommand in assets/devcontainer.json runs "npx --yes skills@latest add /opt/asta-plugins --all -g --yes", which fetches and installs third-party Asta skills from the public npm registry that the agent will load and could materially change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The devcontainer pulls and runs the remote container image ghcr.io/allenai/asta:latest and executes a runtime npx command that fetches and runs the npm package "skills@latest" (via "npx --yes skills@latest ..."), which downloads and executes remote code as part of the container setup.