hve-core-installer
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow explicitly instructs the agent to clone and read a public GitHub repository (e.g., "git clone https://github.com/microsoft/hve-core.git" in Phase 4, followed by reading collections/*.collection.yml and other files in the cloned hve-core tree) and to fetch and install from the VS Code Marketplace. The agent therefore ingests public third-party content at runtime, and that content is parsed and used to make installation, agent-copy, and upgrade decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The installer performs runtime fetches that directly supply agents and prompts: for example, it runs git clone https://github.com/microsoft/hve-core.git and can install the VS Code extension from https://marketplace.visualstudio.com/items?itemName=ise-hve-essentials.hve-core. The fetched repository and extension content is relied on to provide the prompts and instructions that control agent behavior.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).