yanzi-extension-dev

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt instructs the agent to read a local agent token, call the local agent API to create/edit extensions (POST /v1/extensions) and to launch processes (e.g., Start-Process / dotnet run), which directly modify the host application's files and run code on the machine — it does not request sudo or create OS users but it clearly enables changing machine state.

Issues (1)

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 11:23 PM
Issues
1
Security Audit — snyk — yanzi-extension-dev