agent-protocol
Audited by Socket on Feb 18, 2026
1 alert found:
Anomaly:
This module itself is not overtly malicious: it implements a subscription mechanism that runs user-specified handler scripts with event JSON on stdin. The main security risk is that it will execute arbitrary local handlers without sandboxing or validation and uses a predictable subscriptions file location. If an attacker can modify the subscriptions file or place/replace handler files, they can achieve arbitrary code execution within the subscriber's privileges. There is no inherent network exfiltration in this code, but handlers run by it may perform such actions. Recommend treating subscriptions.json and the handlers directory as sensitive, hardening permissions, validating/whitelisting handlers, or sandboxing handler execution.