tmuxinator
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

BENIGN: The fragment is documentation and configuration scaffolding for a legitimate tmux session orchestration tool. Its capabilities (templated config, ERB expansion, lifecycle hooks, window/pane layouts) align with the stated purpose. Installation sources are reputable (RubyGems, Homebrew). Data flows are confined to environment-driven config generation and local command execution via tmux panes. No malicious behavior or covert data exfiltration is apparent in the provided content.

LLM verification: The artifact is documentation explaining tmuxinator configuration and demonstrates features that allow execution of arbitrary shell commands via lifecycle hooks and pane commands. There is no intrinsic malicious code in the document, but the capabilities it describes enable high-impact supply-chain and execution risks if untrusted YAML files or example install commands are run without review. Recommend policy and documentation updates: warn users about arbitrary command execution, advise pinning