dot-dash
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata and description explicitly state support for 'prompt injection'. It utilizes a 'UserPromptSubmit' hook that intercepts the message stream to check an 'injection queue' before every user message, providing a deliberate mechanism to override or bypass agent instructions.
- [DATA_EXFILTRATION]: The skill monitors and broadcasts live transcripts of all active sessions to a browser dashboard. It achieves this by tailing sensitive JSONL log files at
~/.claude/projects/*/*.jsonl, which exposes session history and private project data over a network interface via WebSockets. - [COMMAND_EXECUTION]: To enable its features, the skill requires the user to execute a shell script (
bash plugins/dot-dash/scripts/start-server.sh) which initializes a background server capable of monitoring files and injecting data into the agent's workflow.
Recommendations
- AI detected serious security threats
Audit Metadata