temet-run-tui-patterns
Audited by Socket on Feb 24, 2026
1 alert found:
Malware [Skill Scanner]
Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

The skill fragment is broadly benign and consistent with its stated purpose of providing TUI patterns for temet-run agent monitoring. It demonstrates standard, self-contained filesystem discovery, IPC interactions, and observability patterns appropriate for a UI dashboard. No hardcoded secrets, external downloads, or credential exfiltration patterns are evident. The most notable considerations are ensuring IPC security/authentication, proper handling of stale PID files, and ensuring the Settings/configuration layer remains secure. Overall assessment: BENIGN with MEDIUM risk due to IPC surface area and local file-based discovery (security risk 0.45).

LLM verification: The provided code examples implement legitimate local TUI patterns for monitoring temet-run agents. I found no signs of remote data exfiltration, command-and-control, reverse shells, or obfuscated/malicious payloads. Primary risks are operational and supply-chain adjacent: automatic deletion of PID files, forwarding unsanitized user prompts to local IPC (agent) which could trigger actions or leak data, and potential logging of sensitive configuration loaded from .env. Mitigations: validate and s