AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/lib/init-flow.mjs` runs adapter generation on explicit `gsdd init`/`gsdd update`.
- `bin/adapters/codex.mjs` writes `.codex/agents/gsdd-*.toml`.
- `bin/adapters/agents.mjs` creates or modifies the project-root `AGENTS.md`.
- `bin/adapters/opencode.mjs` generates `.opencode/commands` and `.opencode/agents` files.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- The only lifecycle script is a publish-time GitHub Actions guard.
- No network client/API use or non-metadata endpoint was found in executable source.
- No credential harvesting, shell payload execution, eval, or dynamic code loading was found.
- Control-surface writes are confined to explicit CLI initialization/update actions.
Source & flagged code
4 flagged · loading source`bin/lib/init-flow.mjs` runs adapter generation on explicit `gsdd init`/`gsdd update`.
bin/lib/init-flow.mjsView on unpkg`bin/adapters/codex.mjs` writes `.codex/agents/gsdd-*.toml`.
bin/adapters/codex.mjsView on unpkg`bin/adapters/agents.mjs` creates or modifies the project-root `AGENTS.md`.
bin/adapters/agents.mjsView on unpkg`bin/adapters/opencode.mjs` generates `.opencode/commands` and `.opencode/agents` files.
bin/adapters/opencode.mjsView on unpkg