zed-editor
Warn
Audited by Snyk on May 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill clearly fetches and runs untrusted third-party content (e.g., downloading GitHub release assets via zed::latest_github_release and zed::download_file and installing npm packages via zed::npm_install_package) as shown in the "Downloading Language Server from GitHub", "Using npm Packages", and "Common Patterns" sections, and those downloaded artifacts are executed/used at runtime so their content can influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The manifest defines agent server archives (for example https://github.com/owner/repo/releases/download/v1.0.0/agent-linux-x64.tar.gz) that the extension downloads at runtime and then runs (cmd "./agent" args ["--serve"]), which is remote code fetched and executed.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata