tmux-init
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Installs a persistent macOS LaunchAgent ('com.claude.webhook.plist') that automatically starts a background service upon user login.
- [COMMAND_EXECUTION]: Modifies the user's shell environment ('~/.zshrc') to inject custom environment variables used for session tracking.
- [COMMAND_EXECUTION]: Automatically modifies Claude Code's internal configuration file ('~/.claude/settings.json') to register 'Stop' and 'Notification' hooks that execute external scripts.
- [DATA_EXFILTRATION]: Reads sensitive configuration files ('
/.claude/settings.json') and local execution logs ('/Library/Logs/claude-webhook/webhook.log') to verify status and monitor session events. - [PROMPT_INJECTION]: Establishes an indirect prompt injection surface through a webhook listener on port 9000. (1) Ingestion point: 'http://localhost:9000/hooks/claude-notify'. (2) Boundary markers: Absent. (3) Capability inventory: Modifies system configuration, shell profiles, and executes CLI tools. (4) Sanitization: Absent. This listener allows unauthenticated local requests to trigger the registered Claude execution hooks.
Audit Metadata