tmux
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The core purpose of the skill is to provide the agent with arbitrary command execution capabilities via
tmux send-keys. While intended for interaction, this can be abused to run any command on the host system. - [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion point:
tmux capture-paneandscripts/wait-for-text.shscrape raw terminal output. 2. Boundary markers: Absent; terminal output is processed without delimiters. 3. Capability inventory:tmux send-keysallows arbitrary command execution. 4. Sanitization: Absent; the agent is instructed to wait for and react to patterns in untrusted output. - [EXTERNAL_DOWNLOADS] (LOW): Documentation suggests the use of external tools like
codex, though these are not listed as mandatory dependencies in the metadata.
Recommendations
- AI detected serious security threats
Audit Metadata