detecting-malicious-npm-packages
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The runtime path
scripts/agent.py -> download_tarball()usesnpm view <pkg>@<ver> dist.tarballandurllib.request.urlretrieve(url, tgz)to fetch an outsider-authored npm tarball from the public registry, theninspect_tarball()extracts and reads its*.js/package.jsontext into the agent’s in-memory data structures (and thus into the LLM context if the report is later provided to the LLM), which is indirect prompt-injection exposure from attacker-controlled package contents.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata