agent-package-manager
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). Outsider-authored free text can enter the LLM context when the required runtime workflow runs
apm install/apm deps updateto fetch third-party packages/skills (e.g.,owner/repo/path), because those fetched repositories’ prompt/agent/skill markdown files are ingested as readable text into the agent’s deployed context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The troubleshooting steps explicitly instruct running remote installers that are fetched-and-executed at runtime (curl -sSL https://aka.ms/apm-unix | sh and irm https://aka.ms/apm-windows | iex) to install the required apm CLI, which is remote code execution used to enable the skill workflow.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata