tmux
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
tmuxcommands to manage terminal sessions, capture output, and send keystrokes. These are the core intended functions of the skill. - [DATA_EXPOSURE]: The skill accesses terminal output via
tmux capture-pane. This is necessary for its stated purpose of scraping pane output and does not involve unauthorized file access or network transmission. - [REMOTE_CODE_EXECUTION]: While the documentation mentions running coding agents like
codexorclaude-code, the skill itself does not download or execute remote code; it provides a framework for the user to orchestrate their own local tools. - [INDIRECT_PROMPT_INJECTION]: The
wait-for-text.shscript processes terminal output which could technically contain adversarial text. However, the script only performs regex matching for control flow and does not feed this data back into an LLM prompt in an unsafe manner within the provided scripts.
Audit Metadata