apm-package-author
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches installation scripts for the APM CLI from Microsoft's official redirection service (aka.ms).
- [REMOTE_CODE_EXECUTION]: Executes downloaded installation scripts directly via shell (sh) or PowerShell (iex). These actions are consistent with the documented installation procedure for the Microsoft APM tool.
- [COMMAND_EXECUTION]: Instructs the user or agent to use CLI tools such as apm, mkdir, and rm to manage package manifests and local project structures.
- [SAFE]: No evidence of credential exposure, data exfiltration, or malicious prompt injection was found. The skill specifically recommends using environment variable interpolation for sensitive information.
Audit Metadata