AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit project setup CLI that installs AI-agent context files and an OpenCode plugin. The concrete risk is a shell-injection bug in the installed plugin because future user task text is interpolated into execSync.
Decision evidence
public snapshot- bin/run.mjs copies template/.opencode into the caller project and overwrites AGENTS.md after backing it up.
- template/.opencode/opencode.json registers .opencode/plugins/context-loader.js as an OpenCode plugin.
- template/.opencode/plugins/context-loader.js runs execSync(`node "${LOADER_SCRIPT}" "${task}"`) with user task text interpolated into a shell command.
- bin/run.mjs executes runtime commands: npm install @sentropic/graphify and npx graphify detect/update/studio export.
- template/scripts/export-schema.mjs reads process.env.DATABASE_URL and queries local PostgreSQL information_schema when user-run.
- package.json has no preinstall/install/postinstall lifecycle hooks; behavior is activated by the bin command npx youmindag.
- No source shows credential exfiltration, destructive deletion, persistence outside the target project, or remote payload download.
- Network behavior is package-aligned dependency/tool use around @sentropic/graphify rather than a hidden endpoint.
- README.md openly describes injecting .opencode, scripts, AGENTS.md, and installing Graphify.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/run.mjsView on unpkgPackage source invokes a package manager install command at runtime.
bin/run.mjsView on unpkg · L2