atmos-packer

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These are direct archive download links from generic/unverified hosts (an S3 bucket and a custom releases domain; one URL is malformed) with no visible provenance, signatures, or checksums, so they could plausibly be used to distribute malware if the sources are untrusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's "Source Management and JIT Vendoring" (SKILL.md) and the "atmos packer source" commands in references/commands-reference.md show Atmos will automatically download vendored component sources from arbitrary git/http/s3/OCI URIs (e.g., GitHub) and then use those user-provided templates/provisioners as part of packer runs, meaning untrusted third-party content is fetched and can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). Atmos auto-downloads JIT vendored sources at runtime (e.g., github.com/cloudposse/packer-templates//ami-builder?ref=1.0.0), which fetches Packer templates and included scripts that control build instructions and can be executed by Packer, so the fetched external content can directly control execution.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 4, 2026, 06:40 PM