status-line-live
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/statusline.sh executes several shell commands based on local workspace state and files. It uses git to extract branch information and project names from the current directory. It also reads from specific files like .worktree-name, ~/.ai-memory/theme.json, and ~/.claude/session-titles/ to render the status line. While these are standard behaviors for a status-line renderer, they involve processing data from the filesystem into a shell execution context.
- [COMMAND_EXECUTION]: The script uses bc for floating-point arithmetic and jq for JSON parsing of both stdin and local files. Input from Claude Code's stdin is piped directly into jq to extract session metadata.
- [DATA_EXPOSURE]: The skill reads session JSONL files from ~/.claude/projects/ to calculate token usage. This is a local read operation necessary for the skill's primary function (token tracking) and does not involve external transmission of the data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the workspace (e.g., git branch names, project directory names, and the content of .worktree-name) and interpolates it into the status line. While this is rendered for the user and not fed back into the LLM as a prompt, it represents an injection surface where a malicious repository could influence the agent's UI output.
Audit Metadata