Plugin Settings
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The 'multi-agent-swarm' example hook ('hooks/agent-stop-notification.sh') uses 'tmux send-keys' to transmit data parsed from a local settings file to a tmux session.
  - Evidence: 'COORDINATOR_SESSION' and 'NOTIFICATION' are read from frontmatter and passed to 'tmux send-keys'.
  - Risk: An attacker who can influence the settings file could achieve arbitrary command execution in active tmux sessions.
- [PROMPT_INJECTION] (LOW): The 'ralph-wiggum' loop mechanism ('hooks/stop-hook.sh') processes assistant output to control the agent's execution flow.
  - Ingestion points: '.claude/ralph-loop.local.md' and assistant transcript.
  - Boundary markers: '---' frontmatter markers.
  - Capability inventory: Loop control via 'jq' block decision and file writes.
  - Sanitization: Lacks sanitization for assistant-generated content used in control logic.
Audit Metadata