agent-bootstrap
Audited by Socket on Feb 15, 2026
1 alert found:
Malware: Functionally coherent bootstrapper design that matches its stated purpose. The primary security issues are supply-chain and execution risk: installing remote skills via npx/git/curl without integrity verification and running arbitrary manifest-specified shell commands on the host. If used only with trusted manifests and sources (pinned commits, verified registries) and with user confirmation, risk is reduced to acceptable for operational tooling. If used with untrusted manifests or unverified remote sources, the package poses a significant supply-chain risk. Recommended mitigations: require pinned commits or checksums for remote installs, verify signatures or use a curated registry, avoid global non-interactive installs by default, present explicit user confirmation before executing remote installers or verification commands, and ensure generated configs never inline secret values.