install-sandbox-psu
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The Install-PSU.ps1 script explicitly fetches external resources (Invoke-RestMethod https://devolutions.net/productinfo.json and CDN zip) and — critically — can clone arbitrary public Git repositories via "git clone $GitRepo $repoDirectory" (and seeds that repo into the PSU data/repository) which the PSU server will load/run, meaning untrusted, user-controlled content from the open web can materially influence runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill fetches and extracts a runtime binary from the Devolutions CDN (Invoke-RestMethod downloads https://cdn.devolutions.net/download/Devolutions.PowerShellUniversal.win-x64.$Version.zip which is expanded and then Start-Process runs Universal.Server.exe), so remote code is downloaded and executed at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata