tmux
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to execute arbitrary shell commands via
tmux send-keys. While this is high-risk functionality, the implementation uses the-l(literal) flag in examples and follows best practices for script arguments. The severity is lowered as this is the primary intended purpose of the skill. - [PROMPT_INJECTION] (LOW): Detected potential for Indirect Prompt Injection (Category 8).
- Ingestion points: Terminal output is ingested into the agent context via
tmux capture-pane(utilized inscripts/wait-for-text.shand documented inSKILL.md). - Boundary markers: Absent. There are no explicit delimiters or instructions provided to the agent to ignore command-like patterns within the captured terminal text.
- Capability inventory: The skill possesses high-privilege capabilities including arbitrary shell command execution (
tmux send-keys) and session management (tmux kill-server). - Sanitization: Absent. Output is captured and processed as raw text.
- [DATA_EXPOSURE] (SAFE): While
capture-panecan read sensitive information if it is printed to the terminal, the scripts target private sockets in/tmpby default, reducing the risk of accidental exposure to other users on a multi-user system.
Audit Metadata