fix: Address 3 MEDIUM security audit findings

- Fix UTF-8 byte-slicing panic in parse_cc_command (use chars().skip())
- Add 1MB stdin read limit in hook processor (prevent OOM)
- Add -l (literal) flag to send_slash_command (prevent tmux key injection)
- Validate slash commands against safe character pattern
- Add warning log on datetime parse failures

Security audit: 0 CRITICAL, 0 HIGH, 0 remaining MEDIUM findings.

Co-Authored-By: claude-flow <ruv@ruv.net>

Author: Robert E. Lee

src/bot.rs

@@ -282,7 +282,9 @@ pub fn is_kill_command(text: &str) -> bool {
 pub fn parse_cc_command(text: &str) -> Option<String> {
     let lower = text.to_lowercase();
     if lower.starts_with("cc ") {
-        Some(format!("/{}", text[3..].trim()))
+        // UTF-8 safe: skip 3 chars (not bytes) to avoid panicking on multi-byte input
+        let rest: String = text.chars().skip(3).collect();
+        Some(format!("/{}", rest.trim()))
     } else {
         None
     }

src/hook.rs

@@ -11,9 +11,9 @@ use tokio::net::UnixStream;
 /// It reads JSON from stdin, forwards to the bridge daemon via unix socket,
 /// and optionally returns hookSpecificOutput to Claude Code on stdout.
 pub async fn process_hook(socket_path: &std::path::Path) -> Result<()> {
-    // Read all of stdin
+    // Read stdin with 1 MB limit to prevent unbounded memory allocation
     let mut input = String::new();
-    io::stdin().read_to_string(&mut input)?;
+    io::stdin().take(1_048_576).read_to_string(&mut input)?;
 
     let input = input.trim();
     if input.is_empty() {

src/injector.rs

@@ -176,12 +176,29 @@ impl InputInjector {
             None => return Ok(false),
         };
 
-        // Send command text (without -l, so tmux interprets special keys)
+        // Validate command matches safe pattern: /word (alphanumeric + hyphens only)
+        let cmd_body = command.strip_prefix('/').unwrap_or(command);
+        if !cmd_body
+            .chars()
+            .all(|c| c.is_alphanumeric() || c == '-' || c == '_' || c == ' ')
+        {
+            tracing::warn!(
+                command,
+                "Slash command rejected: contains unsafe characters"
+            );
+            return Ok(false);
+        }
+
+        // Send command text with -l (literal mode) to prevent tmux key interpretation
         let mut cmd = Command::new("tmux");
         if let Some(socket) = &self.tmux_socket {
             cmd.arg("-S").arg(socket);
         }
-        cmd.arg("send-keys").arg("-t").arg(target).arg(command);
+        cmd.arg("send-keys")
+            .arg("-t")
+            .arg(target)
+            .arg("-l")
+            .arg(command);
 
         let output = cmd.output()?;
         if !output.status.success() {

src/session.rs

@@ -403,7 +403,10 @@ impl SessionManager {
 fn parse_datetime(s: &str) -> DateTime<Utc> {
     DateTime::parse_from_rfc3339(s)
         .map(|dt| dt.with_timezone(&Utc))
-        .unwrap_or_else(|_| Utc::now())
+        .unwrap_or_else(|e| {
+            tracing::warn!(input = %s, error = %e, "Failed to parse datetime, falling back to now");
+            Utc::now()
+        })
 }
 
 #[cfg(test)]