I only had time to skim this, but it doesn't seem like prompt injection to me, just good old fashioned malware in a node package.
Your other two examples do seem to open the door for prompt injection, I was just asking about documented cases of it succeeding.