AI Security Review
scanned 2h ago · by lpm-firewall-aiThe CMS can dynamically import JavaScript from UNPKG at browser runtime for optional dependencies. It also exposes explicit, authenticated GitHub Agent Task actions.
Decision evidence
public snapshot- `dist/gitbase-cms.mjs.map` maps `src/lib/services/app/dependencies.js`, whose `loadModule()` dynamically imports modules from `https://unpkg.com/${library}@${version}`.
- The browser bundle invokes the remote loader for optional runtime features, so third-party CDN JavaScript can execute after package load.
- `dist/gitbase-cms.mjs.map` maps `src/lib/services/integrations/gitbase/github-agent.js`, which submits explicit user prompts to GitHub Agent Tasks or `/admin/cms/agent/*` using an authenticated session token.
- `package.json` has no `preinstall`, `install`, `postinstall`, `prepare`, or `bin` entrypoint.
- No mapped source imports Node `child_process` or uses `execSync`, `spawnSync`, `eval`, or `new Function`; the child-process scanner hit is unsupported.
- Bidi controls originate in bundled third-party editor/UI sources in the source map, not package-owned Gitbase source.
- Agent calls are gated by signed-in state and explicit task functions; no package code writes AI-agent configuration files.
Source & flagged code
5 flagged · loading sourceSource downloads or fetches remote code and executes it.
dist/gitbase-cms.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/gitbase-cms.jsView on unpkg · L126Package source references child process execution.
dist/gitbase-cms.jsView on unpkg · L694Package source references dynamic require/import behavior.
dist/gitbase-cms.jsView on unpkg · L643A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/gitbase-cms.mjsView on unpkg · L1