LPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack surface is established. Explicit adapter installation modifies project-local AI-agent configuration and installs persistent prompt/session hooks.
Static reason
No blocking static signals were detected.
Trigger
User runs `mancode init` or `mancode install <platform>` in a project.
Impact
Subsequent supported AI-agent sessions can receive package-authored workflow instructions and prompt context.
Mechanism
project-local AI-agent hook, skill, rule, and settings installation
Rationale
This is an explicit, first-party project agent-extension installer rather than concrete malware. Per policy, its persistent hook/config mutation warrants a warn verdict, not a block.
Evidence
package.jsondist/cli.jsdist/chunk-KEIW7AEP.js.mancode/hooks/session-start.mjs.mancode/hooks/user-prompt-submit.mjs.mancode/config.json.claude/settings.json.claude/skills/.claude/agents/.agents/skills/.cursor/rules/AGENTS.md.github/copilot-instructions.md