Supply Chain | Tier 1 | high
Supply Chain: Fake Package Instruction
Attacks through compromised dependencies and plugins
Supply chain attacks target the dependencies, plugins, and tools that AI agents rely on. A compromised package can give an attacker persistent access to every agent that installs it.
Attack Details
- Attack ID: APWN-SC-001
- HMA Check: SUPPLY-001
- Delivery Methods: html-comment
- CWE: CWE-829
- OASB Control: 11.1
- Severity: high
Remediation
If your AI agent is vulnerable to this attack, scan for the issue and apply the fix with:
npx hackmyagent secure --check SUPPLY-001