Skip to content

[skill-update] agent-package-manager-skill-update: clarify default transitive MCP security#21

Draft
github-actions[bot] wants to merge 1 commit into
mainfrom
skill-update/agent-package-manager-mcp-security-default-25285ab3e2bfe9ff
Draft

[skill-update] agent-package-manager-skill-update: clarify default transitive MCP security#21
github-actions[bot] wants to merge 1 commit into
mainfrom
skill-update/agent-package-manager-mcp-security-default-25285ab3e2bfe9ff

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Summary

Updates skills/agent-package-manager to reflect the APM homepage's explicit Secure by default guarantee for transitive MCP server blocking.

Material Deltas Found

Gap: The previous skill documented two security mechanisms separately but did not clearly state that transitive MCP blocking is a default behavior (not only a policy-driven one):

  • SKILL.md item 10 only mentioned hidden-Unicode and content-hash scanning
  • SKILL.md item 11 only mentioned MCP blocking in the context of apm-policy.yml
  • manifest-and-lockfile.md Policy governance section implied blocking required a policy file

Source justification: APM homepage [Secure by default card]((microsoft.github.io/redacted) "Every install scans for hidden Unicode, pins content hashes, and blocks transitive MCP servers unless they are explicitly declared or trusted. No opt-in required."

Files Changed

File Change
skills/agent-package-manager/SKILL.md Step 3 item 10: added default transitive MCP blocking note; item 11: clarified policy adds restrictions on top of the default block
skills/agent-package-manager/references/manifest-and-lockfile.md Policy governance section expanded to distinguish the two-layer security model (default block + optional policy layer)

Validation

  • Metadata validator: SUCCESS (name and description unchanged)
  • SKILL.md line count: 67 (well under 500-line limit)
  • Checklist reviewed: all items pass

Unresolved Risks

  • The prefetched source is only the APM homepage HTML (`(microsoft.github.io/redacted) The fuller CLI reference, manifest schema, and governance guide pages were not fetched. The behavioral claim in item 10/11 is consistent with the homepage and existing policy documentation, but cannot be fully verified against the governance guide without fetching that page.
  • The exact semantics of "trusted" (i.e., what constitutes a trusted transitive MCP — explicit policy allowlist vs. registry trust level) is not detailed in the homepage; this skill uses the homepage wording verbatim to avoid over-specifying.

Generated by Skill Update Worker · ● 20.3M ·

…cking behavior

The APM homepage 'Secure by default' card explicitly states that apm install
blocks transitive MCP servers by default unless they are explicitly declared
in dependencies.mcp or trusted — no opt-in required.

The previous SKILL.md (item 10) only mentioned Unicode/hash security scanning
and omitted this default blocking behavior. Item 11 (policy) mentioned
transitive MCP blocking only in the context of apm-policy.yml, which could
mislead an agent into thinking blocking only applies when org policy is configured.

Changes:
- SKILL.md Step 3 item 10: add default transitive MCP blocking note
- SKILL.md Step 3 item 11: clarify policy adds restrictions on top of default
- manifest-and-lockfile.md: expand Policy governance section to distinguish
  the two-layer security model (default block + optional policy layer)

Source: https://microsoft.github.io/apm/#secure-by-default

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants