AI Security Review
scanned 38m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack path is present. An explicit `AiInstructions` API can synthesize project-local instruction files for several AI coding agents; this is a guarded control-surface capability rather than a confirmed malicious chain.
Decision evidence
public snapshot- `lib/ai-instructions.js` provides an opt-in component that generates `AGENTS.md`, `CLAUDE.md`, Cursor, Copilot, Amazon Q, and Kiro instruction files.
- Those files are created during project synthesis after a caller instantiates `AiInstructions`; defaults target all supported agents.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `bin/projen` invokes the CLI only after explicit execution.
- `lib/ai-instructions.js` has no package-internal `new AiInstructions` call; it is an exported API.
- `lib/run-task.cjs` runs consuming-project task manifests only after explicit task invocation.
- No package-owned endpoint, credential exfiltration, remote payload fetch, or destructive chain was found.
Source & flagged code
9 flagged · loading sourcePackage contains a critical-looking secret pattern.
lib/run-task.cjsView on unpkg · L5907Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
lib/run-task.cjsView on unpkg · L874Package source references dynamic require/import behavior.
lib/cdk/index.jsView on unpkg · L16Package source executes code through a VM context API.
lib/projects.jsView on unpkg · L74This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/javascript/biome/biome.jsView on unpkg