LPM treats this as warn-only first-party agent extension lifecycle risk. On Pi session start, the extension conditionally modifies the current project's `AGENTS.md` to promote/install peer agent tools. It also reports install telemetry and uses install hooks to fetch a SHA-256-pinned upstream skill archive.
Static reason
One or more suspicious static signals were detected.
Trigger
Load the Pi extension and start a session with a missing peer package; npm install activates lifecycle hooks.
Impact
Can alter project AI-agent instructions without a separate user command and make a package-aligned telemetry request; no confirmed exfiltration or remote-code chain beyond the pinned archive was found.
Mechanism
guarded agent-control-surface write, telemetry, and hash-pinned skill staging
Rationale
This is a guarded extension lifecycle/control-surface risk rather than a confirmed malicious chain. Automatic project `AGENTS.md` mutation and default telemetry justify warning, while hash verification and absence of credential theft, destructive behavior, or unpinned payload execution argue against blocking.
Evidence
package.jsonextensions/index.tssrc/agents-block.tssrc/install-telemetry.tsscripts/stage.mjsscripts/commit.mjsAGENTS.md~/.pi/agent/extensions/compound-engineering-install.jsonskills/THIRD-PARTY-NOTICES
Network endpoints2
/EveryInc/compound-engineering-plugin/tar.gz/refs/tags/compound-engineering-v3.19.0