registry  /  gsdd-cli  /  0.30.0

gsdd-cli@0.30.0

Workspine — plan, execute, and verify AI-assisted work from files in your repo, with proof before done. Published as gsdd-cli.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `gsdd init` or `gsdd update` in a project.
Impact
Adds/updates `.codex`, `.opencode`, and optionally root `AGENTS.md` instructions in the selected project.
Mechanism
Explicit generation of project-local workflow templates and AI-agent adapter files.
Rationale
Source shows an explicit-user-command agent-extension setup capability rather than concrete malicious behavior. Flag as warn under the control-surface policy, not block.
Evidence
package.jsonbin/gsdd.mjsbin/lib/init-flow.mjsbin/lib/init-runtime.mjsbin/adapters/codex.mjsbin/adapters/agents.mjsbin/adapters/opencode.mjs.work/.agents/skills/.codex/agents/gsdd-plan-checker.toml.codex/agents/gsdd-approach-explorer.toml.opencode/commands/.opencode/agents/AGENTS.md

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/lib/init-flow.mjs` runs adapter generation on explicit `gsdd init`/`gsdd update`.
  • `bin/adapters/codex.mjs` writes `.codex/agents/gsdd-*.toml`.
  • `bin/adapters/agents.mjs` creates or modifies the project-root `AGENTS.md`.
  • `bin/adapters/opencode.mjs` generates `.opencode/commands` and `.opencode/agents` files.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • The only lifecycle script is a publish-time GitHub Actions guard.
  • No network client/API use or non-metadata endpoint was found in executable source.
  • No credential harvesting, shell payload execution, eval, or dynamic code loading was found.
  • Control-surface writes are confined to explicit CLI initialization/update actions.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 32 file(s), 394 KB of source

Source & flagged code

4 flagged · loading source
bin/lib/init-flow.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/lib/init-flow.mjs` runs adapter generation on explicit `gsdd init`/`gsdd update`.

bin/lib/init-flow.mjsView on unpkg
bin/adapters/codex.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/adapters/codex.mjs` writes `.codex/agents/gsdd-*.toml`.

bin/adapters/codex.mjsView on unpkg
bin/adapters/agents.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/adapters/agents.mjs` creates or modifies the project-root `AGENTS.md`.

bin/adapters/agents.mjsView on unpkg
bin/adapters/opencode.mjsView file
Published source reference
Medium
Ai Review Evidence

`bin/adapters/opencode.mjs` generates `.opencode/commands` and `.opencode/agents` files.

bin/adapters/opencode.mjsView on unpkg

Findings

5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencebin/lib/init-flow.mjs
MediumAi Review Evidencebin/adapters/codex.mjs
MediumAi Review Evidencebin/adapters/agents.mjs
MediumAi Review Evidencebin/adapters/opencode.mjs
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings