Skills
skills/seanchiuai/multishot/electron-ipc/Gen Agent Trust Hub

electron-ipc

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
  • Electron Configuration (LOW): The BrowserWindow configuration explicitly sets sandbox: false. Although contextIsolation is enabled and nodeIntegration is disabled, disabling the sandbox removes a critical layer of defense-in-depth provided by the Chromium engine.
  • Evidence found in src/main/index.ts snippet within SKILL.md.
  • Indirect Prompt Injection Surface (LOW): The API interface defines a startRun(prompt: string, ...) method that passes user-controlled strings from the renderer to the main process. If the implementation of the start-run handler executes this prompt in a shell or passes it to a sensitive API without sanitization, it could lead to command injection.
  • Ingestion point: window.api.startRun in src/preload/index.ts.
  • Capability: The main process handler ipcMain.handle('start-run', ...) represents a boundary where untrusted data could influence system-level operations.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 08:52 AM