tmux
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary functionality is to create and manage tmux sessions where arbitrary shell commands can be executed. This behavior is documented and inherent to the purpose of a terminal session manager.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes terminal output which could originate from untrusted sources.
- Ingestion points: Terminal history and live output are retrieved via the
capturePanefunction inlib.tsand thehandleCapturelogic intui.ts. - Boundary markers: Absent. The skill handles raw terminal text without applying specific delimiters or instruction-ignore markers.
- Capability inventory: The skill has the ability to execute shell commands and inject keystrokes into active sessions via
createSessionandsendKeysinlib.ts. - Sanitization: No sanitization or safety filtering is applied to the terminal output before it is returned to the agent context.
Audit Metadata