parallel-task-tmux

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/tmux_run_codex_task.sh, the skill executes the codex exec command with the --dangerously-bypass-approvals-and-sandbox flag. This configuration explicitly disables the security sandboxing and approval mechanisms intended to protect the host system from unauthorized or malicious code.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it parses a user-provided plan.md file to generate instructions for its workers without any validation or sanitization.
    • Ingestion points: The plan.md file (referenced in SKILL.md) is used as the primary source for task scheduling and logic.
    • Boundary markers: There are no delimiters or "ignore previous instructions" warnings applied to the data ingested from the plan file.
    • Capability inventory: The skill possesses high-risk capabilities, including shell command execution, file system modifications, and the ability to run AI-generated code with sandbox bypasses enabled.
    • Sanitization: No sanitization, escaping, or schema validation is performed on the plan file content before it is transformed into executable prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 06:52 AM