AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is confirmed. Explicit AI-skill execution can launch a selected locally installed AI CLI using task-controlled frontmatter.
Decision evidence
public snapshot- `templates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjs` spawns installed AI CLI executables.
- Task frontmatter can select an external harness/model before explicit skill execution.
- The dispatcher passes task markdown and workspace paths to the selected external CLI.
- `package.json` has no preinstall/install/postinstall hook; `prepare` only runs Husky.
- `dist/cli.js` exposes only explicit `init` and `serve` commands.
- `dist/index.js` writes templates only after user-invoked `init`.
- Dispatcher uses fixed harness names, `shell: false`, PATH availability, and auth-status checks.
- No package runtime HTTP/network module or exfiltration endpoint was found.
- Flagged eval/New Function is bundled `gray-matter`/`js-yaml` dependency code, not a hidden loader.
Source & flagged code
4 flagged · loading sourceSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L283Package source references a known benign dynamic code generation pattern.
templates/harness/skills/st-full-workflow/scripts/dispatch-task-execution.cjsView on unpkg · L1371Package source references dynamic require/import behavior.
dist/prompts.jsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
templates/harness/skills/st-execute-blueprint/scripts/dispatch-task-execution.cjsView on unpkg