Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `ai-md install`, `doctor --fix`, `pull`, `push`, or `ensure-tools`.
Impact
A user-selected or default remote configuration can become active in local AI-agent skill/rule directories; `ensure-tools` executes a third-party installer.
Mechanism
User-invoked Git sync, symlink replacement, and external tool installation.
Rationale
The package is not malicious by source evidence, but its explicit commands mutate AI-agent configuration surfaces and execute a remote installer. Warn rather than block because no unconsented install-time action, exfiltration, stealth, or payload execution was found.
Evidence
package.jsonbin/ai-md.jslib/config.jslib/commands.jsscripts/sync-config.shscripts/ensure-agent-tools.shscripts/link-project.sh~/.ai-md~/.cursor/skills~/.cursor/rules~/.claude/skills~/.agents/skills<user-repo>/.cursor<user-repo>/.gitignore