AI Security Review
scanned 3h ago · by lpm-firewall-ai

LPM treats this as a warn-only first-party agent extension lifecycle risk. This is a first-party Pi agent extension and runner with explicit user-command activation. It exposes agent orchestration capabilities, but no unconsented install-time mutation, credential harvesting, exfiltration, or remote payload loading was found.
Decision evidence
public snapshot
- package.json declares a Pi extension at ./extensions/autopilot.ts
- src/extension.ts registers /autopilot and /autopilot-restart commands and activates context_budget
- src/core/agent-runner.ts user-invoked CLI can spawn a Pi RPC child with bash/write tools for some roles
- src/internal/status-extension.ts registers child-only autopilot_emit_status from an env-provided context file
- package.json has no preinstall/install/postinstall lifecycle hooks
- bin/autopilot-agent-run.mjs only dispatches to the packaged compiled CLI when explicitly invoked
- No fetch/http client or exfiltration endpoint found in source inspection
- src/core/agent-runner.ts launches Pi with --no-extensions and a package-owned status extension path
- src/core/forced-output/writer.ts bounds status/receipt writes to the configured artifact root
Source & flagged code
4 flagged
- package.json declares a Pi extension at ./extensions/autopilot.ts
- src/extension.ts registers /autopilot and /autopilot-restart commands and activates context_budget
- src/core/agent-runner.ts user-invoked CLI can spawn a Pi RPC child with bash/write tools for some roles
- src/internal/status-extension.ts registers child-only autopilot_emit_status from an env-provided context file