agent-package-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly direct the agent to fetch and install APM packages from public GitHub (e.g., "apm install github.com/owner/repo" in the Create/Validate/Test steps) and the agent declares web/fetch tools (and templates that use fetch/search), so it will read and integrate untrusted, user-generated third‑party package content whose primitives (agents/prompts) can change subsequent actions and tool use.