LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit installer provisions AI-agent configuration, hooks, and optionally third-party extensions. Installed SessionStart configuration can run a project hook that performs `git pull --rebase`.
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2781A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3577Package ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgA package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/prune-ecc.shView on unpkgSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L2781Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L3577