process-manager
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/process-manager.tsutility performs arbitrary shell command execution throughsh -c. Specifically, thestartProcessfunction uses a template literal to construct a background command (nohup ${proc.command}), which allows for command injection if the configuration file contains unsanitized input.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing configuration data that may be controlled by external actors: - Ingestion points: The skill reads and executes process definitions from
.claude/process-config.jsonlocated at the project root. - Boundary markers: Absent; the JSON content is parsed and used directly to construct shell commands without delimiters or safety instructions.
- Capability inventory: The script has broad permissions (
--allow-run,--allow-net) and can invokesh,kill,lsof, andps, as well as perform networkfetch()requests. - Sanitization: No validation, escaping, or sanitization is performed on the
commandorurlfields retrieved from the configuration file before use in shell execution or network operations.
Audit Metadata