agent-package-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md Step 3 and Step 4 and references/manifest-and-lockfile.md) explicitly instructs using apm install and listing external dependencies like owner/repo/path and MCP servers (e.g., io.github.github/github-mcp-server), which causes the agent to fetch and deploy prompts/agents/skills/hooks from public third‑party repositories and registries that can contain untrusted, user‑generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The troubleshooting docs instruct running remote-install commands that fetch-and-execute code at runtime (curl -sSL https://aka.ms/apm-unix | sh and irm https://aka.ms/apm-windows | iex) to obtain the required apm CLI, which directly executes remote code the skill depends on.