tmux
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
tmux send-keysto provide programmatic input to terminal sessions, allowing the agent to control interactive CLI tools and TUIs. - [DATA_EXFILTRATION]: The skill can scrape terminal scrollback and pane content using
tmux capture-pane. This is an intended feature for monitoring session status but also creates a surface for reading any sensitive data present in the terminal. No network-based exfiltration was identified. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) as it processes data from terminal outputs that could be influenced by external processes.
- Ingestion points: Terminal output is read into the agent's context using
tmux capture-paneinSKILL.mdandscripts/wait-for-text.sh. - Boundary markers: The skill does not implement delimiters or specific instructions to isolate captured terminal text from agent instructions.
- Capability inventory: The agent can perform file system operations and execute commands via
tmux send-keysand the provided shell scripts. - Sanitization: There is no evidence of sanitization or validation of the captured terminal output before it is processed.
Audit Metadata