This module is a facilitator for collecting repository files, attachments, image data, crawl logs, and other context and sending them wholesale to an external AI gateway (self.ai.arch_stream_prompt). I find no direct signs of intentionally malicious code (no remote shells, no obfuscated payloads, no command execution). However, it exhibits a high risk of sensitive-data exposure: it reads and appends full file contents and image data into prompts and instructs inclusion of API keys if provided. If used in a repository that contains secrets, private keys, credentials, or proprietary data, those will likely be transmitted to the external AI service. Recommended mitigations before use: add explicit redaction/whitelisting of safe file types and paths, avoid automatic inclusion of API keys/private files, confirm the trustworthiness and access controls of the AI gateway, and log minimally. Treat as non-malicious but high-risk for data exfiltration.
Live on PyPI for 5 days, 3 hours and 46 minutes before removal. Socket users were protected even while the package was live.