tmux
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill is designed for interactive terminal management and performs its tasks using standard, secure tmux conventions.
- [COMMAND_EXECUTION]: The skill facilitates command execution via tmux keystrokes as its primary intended function. The documentation recommends the use of the '-l' flag for 'send-keys' to ensure inputs are treated as literals, which mitigates command injection risks into the tmux utility itself.
- [PROMPT_INJECTION]: The skill includes instructions for orchestrating other coding agents. While it mentions flags such as '--yolo' for automation, this is specific to tool orchestration and does not attempt to bypass the primary agent's safety protocols. The terminal output reading creates a surface for indirect prompt injection, but this is handled within the context of intended terminal management.
- [DATA_EXFILTRATION]: The skill uses 'tmux capture-pane' and 'wait-for-text.sh' to read terminal output, creating a surface for potential exposure of sensitive data to the agent's context. This is an inherent and necessary capability for terminal interaction and does not involve unauthorized external data transmission.
Audit Metadata