detecting-malicious-npm-packages

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The runtime path scripts/agent.py -> download_tarball() uses npm view <pkg>@<ver> dist.tarball and urllib.request.urlretrieve(url, tgz) to fetch an outsider-authored npm tarball from the public registry, then inspect_tarball() extracts and reads its *.js/package.json text into the agent’s in-memory data structures (and thus into the LLM context if the report is later provided to the LLM), which is indirect prompt-injection exposure from attacker-controlled package contents.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 01:35 AM
Issues
1
Security Audit — snyk — detecting-malicious-npm-packages