2import {
L3: execAgenticCapture,
L4: execAgenticDetached,
...
L236: async function runSolutionOverride(opts) {
L237: const loaded = resolveSolution({ solutionName: process.env.AGENTIC_SOLUTION || void 0 });
L238: const name = loaded.config.name;
...
L402: const repoRootR = await run("git", ["rev-parse", "--show-toplevel"], { cwd: sol2.rootDir, allowFailure: true });
L403: if (repoRootR.exitCode !== 0 || !repoRootR.stdout) return;
L404: const repoRoot = repoRootR.stdout;
...
L577: const r = await run("gh", ["issue", "view", String(issue), "--repo", repo, "--json", fields.join(",")]);
L578: return JSON.parse(r.stdout);
L579: }
CriticalCommand Output Exfiltration
Source executes local commands and sends command output to an external endpoint.
dist/cli.jsView on unpkg · L2 2Trigger-reachable chain: manifest.bin -> dist/cli.js
L2: import {
L3: execAgenticCapture,
L4: execAgenticDetached,
...
L236: async function runSolutionOverride(opts) {
L237: const loaded = resolveSolution({ solutionName: process.env.AGENTIC_SOLUTION || void 0 });
L238: const name = loaded.config.name;
...
L402: const repoRootR = await run("git", ["rev-parse", "--show-toplevel"], { cwd: sol2.rootDir, allowFailure: true });
L403: if (repoRootR.exitCode !== 0 || !repoRootR.stdout) return;
L404: const repoRoot = repoRootR.stdout;
...
L577: const r = await run("gh", ["issue", "view", String(issue), "--repo", repo, "--json", fields.join(",")]);
L578: return JSON.parse(r.stdout);
L579: }
CriticalTrigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L2 2import {
L3: execAgenticCapture,
L4: execAgenticDetached,
...
L236: async function runSolutionOverride(opts) {
L237: const loaded = resolveSolution({ solutionName: process.env.AGENTIC_SOLUTION || void 0 });
L238: const name = loaded.config.name;
...
L402: const repoRootR = await run("git", ["rev-parse", "--show-toplevel"], { cwd: sol2.rootDir, allowFailure: true });
L403: if (repoRootR.exitCode !== 0 || !repoRootR.stdout) return;
L404: const repoRoot = repoRootR.stdout;
...
L577: const r = await run("gh", ["issue", "view", String(issue), "--repo", repo, "--json", fields.join(",")]);
L578: return JSON.parse(r.stdout);
L579: }
MediumInstall Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/cli.jsView on unpkg · L2 2import {
L3: execAgenticCapture,
L4: execAgenticDetached,
...
L236: async function runSolutionOverride(opts) {
L237: const loaded = resolveSolution({ solutionName: process.env.AGENTIC_SOLUTION || void 0 });
L238: const name = loaded.config.name;
...
L402: const repoRootR = await run("git", ["rev-parse", "--show-toplevel"], { cwd: sol2.rootDir, allowFailure: true });
L403: if (repoRootR.exitCode !== 0 || !repoRootR.stdout) return;
L404: const repoRoot = repoRootR.stdout;
...
L577: const r = await run("gh", ["issue", "view", String(issue), "--repo", repo, "--json", fields.join(",")]);
L578: return JSON.parse(r.stdout);
L579: }
LowWeak Crypto
Package source references weak cryptographic algorithms.
dist/cli.jsView on unpkg · L2