cmux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's built-in browser automation (see SKILL.md and references/browser.md commands like "cmux --json browser open ", navigate, snapshot, get text/html, click, fill) explicitly fetches and interprets arbitrary external websites, meaning untrusted public web content can be read and used to drive agent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs launching sub-agents with a --dangerously-skip-permissions flag and sends arbitrary shell commands to panes (which can be used to bypass agent-level safeguards and modify files), so it encourages bypassing security even though it doesn't directly request sudo or user creation.