Skills
skills/buddyh/agent-skills/agent-comms/Gen Agent Trust Hub

agent-comms

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The send command in scripts/agent-msg uses tmux send-keys followed by an 'Enter' signal. This enables one agent session to execute arbitrary shell commands in any other active tmux session without session-level authorization.
  • [DATA_EXFILTRATION]: The read command in scripts/agent-msg uses tmux capture-pane to retrieve the terminal output/history of other sessions. This creates a risk for harvesting sensitive information like API keys, credentials, or environment variables that may have been displayed or logged in those sessions.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface. Ingestion points: The read command in scripts/agent-msg ingests untrusted terminal content. Boundary markers: No markers are used to delimit external content or warn the agent. Capability inventory: The skill can inject commands (send), read terminal buffers (read), and access filesystem paths (info). Sanitization: Terminal output is retrieved and returned to the agent without any sanitization or filtering.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 02:26 AM