Supply chain risk is the chance that something you imported came with something you didn’t mean to invite in. It doesn’t only come from obviously sketchy software. Modern tools are built from other people’s work, layers deep.
Think about letting an outside contractor bring their own toolkit into your office. Most are fine, and their tools speed the work, but if nobody checks the kit, you may not notice that one tool can open the locked cabinet or copy files off the front desk.
How it shows up
A normal dependency may pull in ten more packages. A useful plugin may install scripts, connectors, or permissions. We’ve flagged this with external skills especially, since they’re easy to share as plain markdown, which also means you shouldn’t paste random instructions from the internet into an agent that can read files, call tools, or touch client data. With AI, instructions are part of the supply chain now, so a document can carry prompt injection and a workflow can quietly tell the agent to ignore your rules.
Why you care
The real question isn’t whether you trust the internet. It’s what an outside thing is allowed to do once it’s inside. If it can only format a harmless text file, the risk is low. If it can read client folders, send emails, or reach a secret, the bar should be much higher: review it, limit permissions, use trusted sources. Every outside shortcut also creates an inside permission question.