tmux
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains a dedicated section (2.4) titled 'Bypassing Hook Restrictions via Buffer Paste'. This section explicitly instructs the agent on how to circumvent command monitoring and security filters that may be inspecting tool calls. It suggests using `load-buffer` and `paste-buffer` to execute restricted commands like `sudo` without triggering local inspection hooks.
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary commands in background terminal sessions using `tmux send-keys`. This allows the agent to run commands in contexts where they may not be properly validated or monitored, specifically as a method to evade security controls.
- [DATA_EXFILTRATION]: The `tmux capture-pane` functionality allows the agent to scrape the contents of other terminal panes. This poses a significant risk of exposing sensitive information, such as environment variables, passwords, or configuration data that may be visible in other active terminal sessions.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Data is ingested into the agent context via `tmux capture-pane` as described in sections 1.2 and 1.3 of `SKILL.md`.
  - Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore malicious content within the captured terminal output.
  - Capability inventory: The skill possesses multiple subprocess-related capabilities including `tmux send-keys` (command execution), `tmux load-buffer` (file reading/buffer manipulation), and `tmux capture-pane` (reading external data).
  - Sanitization: Absent. There is no evidence of output validation, escaping, or filtering of the content retrieved from external terminal panes before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata