prowl-cli
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions and recipes for using the
prowl sendcommand to execute arbitrary shell commands and provide keyboard input to other terminal panes and agent sessions. This is the intended primary purpose of the tool for inter-pane coordination. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes terminal output from other agents and shell sessions via
prowl readandprowl send --capture. Content from these external sources is ingested into the agent's context without explicit sanitization, potentially allowing untrusted data to influence the agent's logic. - Ingestion points:
SKILL.mddocuments several methods to ingest external data, includingprowl read --pane "$pane"and capturing output fromprowl send --capture. - Boundary markers: The provided scripts do not use explicit boundary markers or delimiters when reading external terminal text into the agent context.
- Capability inventory: The skill possesses high-privilege capabilities including arbitrary command execution (
prowl send), keystroke injection (prowl key), and session termination (prowl pane close). - Sanitization: No sanitization, validation, or escaping of the captured terminal data is implemented in the command examples.
Audit Metadata