tmux
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- Command Execution (HIGH): The script
scripts/tmux_run_job.pyaccepts a--commandargument which is interpolated into a shell command string and executed viabash -lcwithin a tmux session. This allows for arbitrary command execution on the host machine. - Persistence Mechanisms (HIGH): The script
scripts/tmux_healthcheck_cron.pyprovides functionality to automatically modify the user's crontab (crontab -andcrontab -l) to install recurring background tasks. This is a common persistence vector used in malicious activities. - Indirect Prompt Injection (LOW): The skill exhibits a significant attack surface for indirect injection. Ingestion points: Data enters via the
--commandargument inscripts/tmux_run_job.py. Boundary markers: None; the command is interpolated into a shell script. Capability inventory:subprocess.runis used to executetmuxcommands that spawnbashprocesses;crontabis used to modify system schedules. Sanitization: Whileshlex.quoteis used for the outer shell wrapper, the actual payload command is directly interpolated, leaving it vulnerable to shell injection if the source data is untrusted.
Recommendations
- AI detected serious security threats
Audit Metadata