chronicle
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/install-services.sh establishes system-level persistence by installing launchd property lists into ~/Library/LaunchAgents/. This configuration enables background execution of the dashboard server and automated agents on user login.
- [COMMAND_EXECUTION]: Multiple components, including scripts/dashboard.ts and scripts/usage-queries.ts, use child_process.execSync to run git, bash, and duckdb commands. Although the skill implements basic sanitization for project names, the interpolation of these strings into shell commands presents a significant injection surface.
- [PROMPT_INJECTION]: The scripts/extract-lib.ts file processes session transcripts, which contain raw user input. This data is interpolated into a system prompt for the Haiku model without robust boundary markers or instructions to ignore embedded commands, making the skill vulnerable to indirect prompt injection.