Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `code-flow init --platform=claude|codex|costrict|opencode`; configured agent events subsequently invoke hooks.
Impact
Can alter agent context and execute project validation commands during agent lifecycle events; no exfiltration or remote payload chain was confirmed.
Mechanism
Explicit project-local AI-agent hook installation and validation-command execution.
Rationale
The package is not malicious by source evidence, but its explicit setup installs active AI-agent hooks and can invoke project commands. Per firewall policy, that capability warrants a warning rather than a publish block.
Evidence
package.jsonsrc/cli.jssrc/adapters/codex/hooks.jsonsrc/core/code-flow/scripts/cf_stop_hook.pysrc/core/code-flow/scripts/cf_user_prompt_hook.pysrc/adapters/codex/config.tomlsrc/adapters/claude/settings.local.jsonsrc/adapters/costrict/settings.local.jsonsrc/core/code-flow/scripts/cf_pre_tool_hook.pysrc/core/code-flow/scripts/cf_post_hook.py.code-flow/**.codex/hooks.json