tmux
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates control over interactive terminal environments by allowing the agent to send arbitrary keystrokes and shell commands to tmux sessions using the
tmux send-keysutility.\n- [DATA_EXFILTRATION]: Terminal content and history are accessible via thetmux capture-panecommand. This presents a risk of sensitive data exposure if credentials, keys, or private information are present in the terminal buffer or scrollback history.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability surface as it ingests untrusted data into the agent context.\n - Ingestion points: The
scripts/wait-for-text.shscript and documented usage patterns inSKILL.mdread terminal output directly into the agent's context usingtmux capture-pane.\n - Boundary markers: There are no boundary markers or explicit instructions provided to the agent to treat captured terminal output as untrusted data or to ignore embedded instructions.\n
- Capability inventory: The agent possesses high-impact capabilities, including the ability to execute commands in terminal sessions via
tmux send-keysand manage system processes via tmux management commands.\n - Sanitization: No sanitization or validation of the captured terminal text is performed before it is processed by the agent.
Audit Metadata