yanzi-extension-dev
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt instructs the agent to read a local agent token, call the local agent API to create/edit extensions (POST /v1/extensions) and to launch processes (e.g., Start-Process / dotnet run), which directly modify the host application's files and run code on the machine — it does not request sudo or create OS users but it clearly enables changing machine state.
Issues (1)
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata