AI Security Review
scanned 3h ago · by lpm-firewall-aiExplicit progress-artifact writes can escape the configured artifact root through unsanitized path segments. No install-time attack, exfiltration, or remote payload path was found.
Decision evidence
public snapshot- `dist/progress/index.js` joins caller-controlled `artifactRoot`, `runId`, and `role` into write paths without containment checks.
- `progress.write` uses recursive `mkdir`, `writeFile`, and `rename`, enabling a runtime path-traversal arbitrary-file-write primitive.
- The progress API is exposed by the agent runtime for caller-invoked writes (`dist/types.d.ts`).
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- No package source uses network clients, shell execution, eval, VM loading, or environment harvesting.
- `dist/index.js` only imports and exports runtime modules; import-time code shows no persistence or payload execution.
- Filesystem writes are confined to the explicit progress-artifact feature rather than install-time behavior.
Source & flagged code
2 flagged · loading source`dist/progress/index.js` joins caller-controlled `artifactRoot`, `runId`, and `role` into write paths without containment checks.
dist/progress/index.jsView on unpkgThe progress API is exposed by the agent runtime for caller-invoked writes (`dist/types.d.ts`).
dist/types.d.tsView on unpkg