pm
Warn
Audited by Socket on May 11, 2026
1 alert found:
Anomaly (LOW): references/workflows/allow.md
The fragment provides a legitimate automation for convenience but lowers runtime security prompts and persists permissions. In trusted automation scenarios this is acceptable with strong integrity controls; in untrusted contexts, it creates a privilege escalation risk and a persistently actionable configuration change. Recommend scoped, auditable, time-bound permissions, explicit validation, and signing of agent-kit/plugin updates to mitigate risk.
Confidence: 52%
Severity: 58%