tmux
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through terminal output ingestion.
- Ingestion points: Terminal buffer content is captured using 'tmux capture-pane' as documented in 'SKILL.md' and utilized in 'scripts/find-sessions.sh' and 'scripts/wait-for-text.sh'.
- Boundary markers: There are no boundary markers or delimiters provided to the agent to distinguish captured terminal text from system instructions.
- Capability inventory: The skill enables the agent to send arbitrary keystrokes and execute commands via 'tmux send-keys'.
- Sanitization: Captured text is not sanitized, filtered, or validated before being presented to the agent.
- [COMMAND_EXECUTION]: The skill is designed to execute commands and manage terminal sessions using the 'tmux' binary. It includes robust shell scripts for session discovery and state monitoring that handle variables safely.
Audit Metadata