AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit setup CLI for injecting project context files and an OpenCode plugin. It creates an agent extension that mutates future tool commands and contains a shell-injection risk through unescaped task text.
Decision evidence
public snapshot- bin/run.mjs explicitly copies template/.opencode into target project and overwrites AGENTS.md after backup
- template/.opencode/opencode.json registers plugins/context-loader.js for OpenCode
- context-loader.js hooks tool.execute.before and mutates output.args.command before tool execution
- context-loader.js builds execSync shell command with unescaped user task inside double quotes
- bin/run.mjs runs npm install @sentropic/graphify and several npx graphify commands in target project
- package.json has no preinstall/install/postinstall lifecycle scripts
- Activation is via user-invoked npx/bin, not automatic package install
- No credential harvesting or outbound exfiltration endpoint found
- Network activity is limited to npm/npx package-aligned Graphify install/use
- Template scripts mainly read project docs/source metadata and write generated docs
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/run.mjsView on unpkgPackage source invokes a package manager install command at runtime.
bin/run.mjsView on unpkg · L2