skills/onevcat/prowl/prowl-cli/Gen Agent Trust Hub

prowl-cli

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions and recipes for using the prowl send command to execute arbitrary shell commands and provide keyboard input to other terminal panes and agent sessions. This is the intended primary purpose of the tool for inter-pane coordination.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes terminal output from other agents and shell sessions via prowl read and prowl send --capture. Content from these external sources is ingested into the agent's context without explicit sanitization, potentially allowing untrusted data to influence the agent's logic.
  • Ingestion points: SKILL.md documents several methods to ingest external data, including prowl read --pane "$pane" and capturing output from prowl send --capture.
  • Boundary markers: The provided scripts do not use explicit boundary markers or delimiters when reading external terminal text into the agent context.
  • Capability inventory: The skill possesses high-privilege capabilities including arbitrary command execution (prowl send), keystroke injection (prowl key), and session termination (prowl pane close).
  • Sanitization: No sanitization, validation, or escaping of the captured terminal data is implemented in the command examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 07:00 AM
Security Audit — agent-trust-hub — prowl-cli