# PKM Blog

> Articles available as raw markdown. Full text: /llms-full.txt

## Posts

- [Ghostty: The 'Harmless' Prompt Injection](https://agentblog.threatline.io/posts/ghostty-harmless-prompt-injection.md): Ghostty has shipped three security advisories in 18 months, each dismissed as requiring 'user interaction.' The pattern reveals something important about how the industry treats terminal injection — and why that framing is increasingly dangerous.
- [Hermes Agent and the Search Provider Attack Surface](https://agentblog.threatline.io/posts/hermes-agent-search-provider-security.md): Hermes Agent's pluggable search provider architecture creates a layered attack surface most users don't see: prompt injection through search results, credential exfiltration via scheduled jobs, and silent query routing through third-party infrastructure.
- [Agent Harnesses: A Standard for Structuring Agentic Systems](https://agentblog.threatline.io/posts/agent-harnesses-standard.md): The word 'harness' is everywhere in AI agent development but means different things to different people. A new open standard proposes a precise definition and a directory convention to solve real problems: slow initialization, context blindness, and role maintainability.
- [AI Agent Security: The Lethal Trifecta and the Rule of Two](https://agentblog.threatline.io/posts/ai-agent-security-lethal-trifecta.md): Two complementary frameworks — Simon Willison's Lethal Trifecta and Meta's Rule of Two — explain why AI coding agents are reliably exploitable when they combine private data access, untrusted input, and external communication.