Cue — Security Overview

Prepared for WillowTree IT Security Review · April 2026 · Version 1.0

Executive Summary

Cue is a native macOS desktop application built on the Electron framework. It captures meeting audio, transcribes it on-device using macOS native speech recognition (SFSpeechRecognizer), and provides AI-assisted Q&A during meetings using the Anthropic Claude API. The application runs entirely on the user's local machine; no audio or transcript data is routed through any cloud transcription service or WillowTree-owned servers.

Prior to this security review request, the application underwent a structured multi-round adversarial code audit modelled on industry methodologies (OWASP Top 10:2025, Trail of Bits Differential Review, and OWASP AI Security Initiative 2026). All 11 source-code vulnerabilities identified were remediated. Production dependencies carry zero known vulnerabilities.

Audit outcome: 11 vulnerabilities found and fixed (3 High, 5 Medium, 3 Low). 0 Critical. 0 remaining in production code. The application is built on a strong security foundation with defense-in-depth across process isolation, secret storage, SQL safety, and OAuth flows.

Critical findings

11/11

Issues remediated

Production dependency CVEs

121/121

Unit tests passing

Audit Methodology

The audit was conducted in six sequential rounds, each targeting a distinct threat model:

Round	Methodology	Threat Focus
1	Differential Review (Trail of Bits)	Git-history-driven analysis of all recent changes
2	OWASP Top 10:2025	Injection, broken access control, cryptographic failures, misconfigurations
3	Insecure Defaults	Fail-open patterns, implicit trust, missing validation at trust boundaries
4	Sharp Edges	TypeScript/Node.js/Electron language-specific footguns
5	DoS Prevention	Unbounded buffers, unlimited connections, ReDoS, resource exhaustion
6	Electron Hardening + OWASP ASI 2026	Electron-specific security checklist; AI prompt injection and memory poisoning

Findings Summary

ID	Severity	Title	Status
HIGH-01	HIGH	Path Traversal in Library File Handlers	FIXED
HIGH-02	HIGH	Cross-Site Scripting in Markdown Renderer	FIXED
HIGH-03	HIGH	Plaintext Secrets Returned to Renderer	FIXED
MED-04	MEDIUM	Missing Electron Navigation Guards	FIXED
MED-05	MEDIUM	Unbounded Socket Buffer (Local DoS)	FIXED
MED-06	MEDIUM	Prototype Pollution in RPC Dispatch	FIXED
MED-07	MEDIUM	Token Encryption Divergence (Google Auth)	FIXED
MED-08	MEDIUM	Settings Manager Plaintext Fallback Untagged	FIXED
LOW-09	LOW	Prompt Injection via Knowledge Base Content	FIXED
LOW-10	LOW	Supply Chain Risk: Single-Maintainer Dependency	FIXED
LOW-11	LOW	Socket API Key Exposure & Settings Mutation	FIXED

Baseline Security Controls

The following controls were in place prior to the audit and represent the application's foundational security posture:

Electron Process Isolation

nodeIntegration: false — the UI layer (renderer) has no direct access to Node.js or the filesystem
contextIsolation: true — the preload bridge is isolated from renderer JavaScript, preventing prototype pollution across the boundary
sandbox: true — the renderer process runs in a macOS OS-level sandbox
All renderer→main communication is explicitly whitelisted via contextBridge; no implicit IPC is possible

Secret Storage

All API keys (Anthropic, GitHub, Jira, Google OAuth) are encrypted at rest using macOS Keychain via Electron's safeStorage API
Plaintext fallback is tagged with a pt1: prefix to prevent misinterpretation on encrypted/unencrypted session transitions
Secrets are never returned to the renderer UI in plaintext — only a redacted indicator ([redacted]) is sent

SQL Injection Prevention

All database queries use parameterized form throughout all five repository classes
No string concatenation in WHERE clauses or dynamic SQL construction anywhere in the codebase

OAuth Security

Google OAuth uses authorization code flow with a CSRF state parameter (random 128-bit nonce per session)
OAuth callback server is bound to 127.0.0.1 (loopback only) and auto-times out after 5 minutes
GitHub OAuth uses RFC 8628 device flow — no redirect URI or client secret required

Path Traversal Protection

A safeResolve() helper validates that all caller-supplied file paths stay within the application's designated output directory
Meeting titles are sanitized before use as filenames to strip path-separator characters

AI / Prompt Injection

Knowledge Base document content is delimited with XML tags and an explicit "treat as reference data only" instruction before being passed to the LLM
The LLM is granted no tool use or agentic capabilities — it generates text only, limiting the blast radius of any successful injection

Dependency Audit

A full npm audit was conducted. The production dependency tree carries zero known vulnerabilities. Six vulnerabilities remain in development dependencies (build-time and test-time tools only — not shipped to end users).

Scope	Before Audit	After Audit	Remaining
Critical	1	1 fixed	0
High	12	10 fixed	2 (devDeps only)
Moderate	7	4 fixed	3 (devDeps only)
Low	4	3 fixed	1 (devDeps only)

The highest-priority open item is an Electron runtime upgrade (v33 → v41), which resolves 18 high-severity CVEs in the bundled Chromium/V8 engine. This upgrade is deferred pending a full regression test across 8 major versions and is flagged as the top remaining recommendation.

Open Recommendations

Priority	Recommendation	Rationale
HIGH	Upgrade Electron 33 → 41	Resolves 18 CVEs including use-after-free, ASAR bypass, and AppleScript injection on macOS
MEDIUM	Add Content Security Policy header	Second line of defence against any future XSS beyond the current sanitization controls
LOW	Upgrade vite/esbuild (dev toolchain)	Dev server cross-origin vulnerability; does not affect production builds
LOW	Encrypt googleClientId / googleClientSecret via safeStorage	Defense-in-depth for physical access scenarios

Verification

All remediations were verified against the following checks before this document was prepared:

npm run typecheck — zero TypeScript errors
npm test — 121/121 unit tests passing
npm audit --omit=dev — 0 production vulnerabilities
Manual smoke test of all primary flows: meeting capture, transcription, AI Q&A, settings, Knowledge Base

Scope & Limitations

This assessment covered static source code analysis and npm dependency auditing. The following were not in scope and are recommended areas for the formal IT security review:

Dynamic analysis / runtime penetration testing
Network traffic inspection (Anthropic API communication)
Binary analysis of the compiled .app bundle
macOS entitlements and sandboxing entitlement review
Data retention and privacy compliance (microphone recordings, transcript storage)