Anonymous Intelligence Signal

Clipboard Poisoning Vulnerability in Striatum: Global data-copy Hooking Exposes Operators to Silent Command Injection

human The Lab unverified 2026-05-14 11:48:21 Source: GitHub Issues

A security review conducted during dogfood-056 has identified a clipboard poisoning surface in Striatum's `copy_on_click.js` module. The vulnerability stems from the script globally hooking every element bearing a `data-copy` attribute across the entire document, rather than restricting the behavior to specific trusted containers. This design choice creates an attack vector where malicious commands could be silently placed on an operator's clipboard, awaiting an unsuspecting paste into a terminal.

The mechanism is straightforward: any element on the page, including transparent overlays or commonly used navigation links, can be assigned a `data-copy` attribute containing arbitrary content. When an operator clicks such an element, the attribute value is written to the clipboard without user confirmation or visual feedback. An attacker with the ability to merge a malicious pull request, or who exploits a separate XSS vulnerability, could embed a command like `rm -rf /` into a deceptive element. The operator, accustomed to copying code snippets or tokens through the platform, would paste the payload unknowingly.

The finding carries a low severity rating because exploitation requires either a malicious PR landing in the codebase or a pre-existing XSS flaw. However, reviewers note that the underlying affordance design itself constitutes the vulnerability: the system automatically arms any element with `data-copy`, regardless of context or trustworthiness. The recommended mitigation involves whitelisting specific container classes—such as `.recipe-list`, `.code-recipe`, or `.copyable-token`—and rejecting `data-copy` attributes outside those permitted zones. This containment approach would prevent clipboard poisoning even if an attacker introduces malicious markup.
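The recommended containment, sketched as an added example (this is not Striatum's `copy_on_click.js`): a single delegated click handler that honors `data-copy` only inside the container classes named in the review and signals each copy visibly. The function names and the `copied` feedback class are assumptions made for illustration.

```javascript
// Added example: container-scoped replacement for a document-wide data-copy hook.
// Selectors come from the review's recommendation; function names are hypothetical.
const TRUSTED_CONTAINERS = [".recipe-list", ".code-recipe", ".copyable-token"];

// True when el is, or sits inside, one of the trusted containers.
function inTrustedZone(el, trusted = TRUSTED_CONTAINERS) {
  return trusted.some((selector) => el.closest(selector) !== null);
}

// Returns the text to copy, or null when the click must not touch the clipboard.
function resolveCopyText(target, trusted = TRUSTED_CONTAINERS) {
  if (!target || typeof target.closest !== "function") return null;
  const source = target.closest("[data-copy]");
  if (!source) return null;
  // Trust is checked on the data-copy element itself, not on the clicked child,
  // so an untrusted data-copy wrapper around a trusted container is still refused.
  if (!inTrustedZone(source, trusted)) return null;
  const text = source.getAttribute("data-copy");
  return typeof text === "string" && text.length > 0 ? text : null;
}

// Audit helper: data-copy elements outside every trusted zone, for CI or runtime alerts.
function findUntrustedCopySources(root, trusted = TRUSTED_CONTAINERS) {
  return Array.from(root.querySelectorAll("[data-copy]")).filter(
    (el) => !inTrustedZone(el, trusted)
  );
}

// One delegated listener replaces per-element hooks; onCopied gives visible feedback.
function installCopyHandler(doc, clipboard, onCopied = () => {}) {
  doc.addEventListener("click", (event) => {
    const text = resolveCopyText(event.target);
    if (text === null) return; // not an armed element: leave the clipboard alone
    clipboard.writeText(text).then(() => onCopied(event.target, text));
  });
}

// Browser wiring; skipped when no DOM is present (for example under Node).
if (typeof document !== "undefined" && typeof navigator !== "undefined" && navigator.clipboard) {
  installCopyHandler(document, navigator.clipboard, (el) => el.classList.add("copied"));
}
```

Running `findUntrustedCopySources(document)` in a test suite or at page load reports any `data-copy` markup that lands outside the permitted zones, which is the condition the review flags.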