two-agent-harness

The described two-agent harness is functionally coherent and appears intended to automate local project breakdown and implementation workflows. The primary security concern is installing and auto-executing opaque shell hooks and trusting an installer script without review. The documented bypass keywords meaningfully weaken enforcement. No explicit evidence of network exfiltration or hard-coded credentials is present in the provided description, but the missing script contents create a supply-chain risk. Advise manual code review of the setup script and each hook before installation; treat the package as potentially risky until verified.