tmux
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute arbitrary shell commands to manage agent orchestration.
spawn_subagent.shexecutes a user-provided or default command (e.g.,devin --permission-mode dangerous) inside a new tmux window usingtmux new-window.send_command.shtransmits literal text to a shell running inside a tmux window usingtmux send-keys -lfollowed by an Enter key signal.exit_subagent.shsends termination commands and potentially kills tmux windows to ensure cleanup.- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection common to orchestration tools.
- Ingestion points: The
send_command.shandspawn_subagent.shscripts accept command strings that are often derived from agent reasoning or data processing. - Boundary markers: No specific boundary markers or instructions are provided to distinguish between orchestration commands and potentially malicious instructions embedded in the data processed by subagents.
- Capability inventory: The skill has the capability to execute shell commands, manage processes via tmux, and write/read files from the
/tmpdirectory as seen in the workflow examples inSKILL.md. - Sanitization: The scripts use
send-keys -lto prevent the tmux binary from interpreting special characters within the command string, though they do not sanitize the content for the target shell.
Audit Metadata