AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious attack surface was confirmed. The main risk is explicit user-command installation of TestSprite-owned agent instructions into project agent config files.
Decision evidence
public snapshot- Explicit `testsprite setup`/`agent install` can write coding-agent instruction files including `AGENTS.md` and `.claude/skills/...` via `dist/commands/agent.js`.
- `dist/commands/init.js` runs credential setup then installs default TestSprite agent skills unless `--no-agent` is used.
- `dist/commands/auth.js` stores API keys in `~/.testsprite/credentials` after validating against the TestSprite API.
- `package.json` has no npm lifecycle hooks; no install-time execution or unconsented mutation found.
- Network use is package-aligned: default API host `https://api.testsprite.com` and update check `https://registry.npmjs.org/@testsprite%2Ftestsprite-cli/latest`.
- Credential handling is user-invoked, validates key with `/me`, writes local credentials with restrictive permissions, and does not show exfiltration to unrelated hosts.
- Agent file writes are explicit CLI commands, scoped to known TestSprite skill assets, sentinel-managed for `AGENTS.md`, and include symlink/path checks.
- No `child_process`, eval/vm/Function, native binary loading, persistence, destructive behavior, or reviewer prompt injection found in inspected entrypoints.
Source & flagged code
3 flagged · loading sourceExplicit `testsprite setup`/`agent install` can write coding-agent instruction files including `AGENTS.md` and `.claude/skills/...` via `dist/commands/agent.js`.
dist/commands/agent.jsView on unpkg`dist/commands/init.js` runs credential setup then installs default TestSprite agent skills unless `--no-agent` is used.
dist/commands/init.jsView on unpkg`dist/commands/auth.js` stores API keys in `~/.testsprite/credentials` after validating against the TestSprite API.
dist/commands/auth.jsView on unpkg