install-atk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The required runtime workflow runs npx -y --package @microsoft/m365agentstoolkit-cli atk --version, which downloads and executes a package from the public npm registry (outsider-authored free text/code that can be ingested via package metadata/scripts).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs "npx -y --package @microsoft/m365agentstoolkit-cli atk" at runtime, which fetches and executes remote code (the @microsoft/m365agentstoolkit-cli package from npm), so it relies on a runtime external dependency that executes remote code.