microsoft · markcowl · Dec 5, 2025 · Nov 3, 2025 · Nov 3, 2025 · Nov 3, 2025
diff --git a/.chronus/changes/add-security-warning-tsp-init-docs-2025-11-10-20-22-32.md b/.chronus/changes/add-security-warning-tsp-init-docs-2025-11-10-20-22-32.md
@@ -0,0 +1,7 @@
+---
+changeKind: fix
+packages:
+  - "@typespec/compiler"
+---
+
+Add security warning to tsp init CLI documentation for external templates (#8916)
@@ -211,7 +211,8 @@ async function main() {
       (cmd) =>
         cmd
           .positional("templatesUrl", {
-            description: "Url of the initialization template",
+            description:
+              "Url of the initialization template. WARNING: Downloading or using an untrusted template may contain malicious packages that can compromise your system and data. Proceed with caution and verify the source.",
             type: "string",
           })
           .option("template", {

@@ -8,6 +8,10 @@ TypeSpec offers a scaffolding feature through the `tsp init` command.
 tsp init <templateUrl>
 ```
 
+:::warning
+When using `tsp init` with an external template URL, be aware that downloading or using an untrusted template may contain malicious packages that can compromise your system and data. Proceed with caution and verify the source.
+:::
+
 ## Setting a minimum TypeSpec version
 
 If your template requires a feature that was introduced in a later version of TypeSpec, you can specify this in the template. This will alert the user that the template may not function as expected and ask them to confirm if they wish to proceed.

@@ -5,6 +5,10 @@ title: Cli usage
 
 See full usage documentation by typing `tsp --help`:
 
+:::warning
+When using `tsp init` with an external template URL, be aware that downloading or using an untrusted template may contain malicious packages that can compromise your system and data. Proceed with caution and verify the source.
+:::
+
 ```bash
 >tsp --help
 TypeSpec compiler v0.36.1