Iterm2
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user to download code via 'git clone https://github.com/tmux-plugins/tpm' in 'workflows/SetupTmux.md' and 'TmuxConfig.md'. The 'tmux-plugins' organization is not a recognized trusted source.
- REMOTE_CODE_EXECUTION (HIGH): In 'TmuxConfig.md', the skill directs the user to add 'run "~/.tmux/plugins/tpm/tpm"' to the '.tmux.conf' file. This command executes the previously downloaded scripts whenever tmux starts or reloads.
- COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands, including 'brew install tmux' for package management and a local script at '~/.claude/Tools/SkillWorkflowNotification' for session tracking.
- INDIRECT_PROMPT_INJECTION (LOW):
  1. Ingestion points: User-provided names for tmux sessions and windows in 'workflows/TmuxSession.md'.
  2. Boundary markers: Absent; instructions are not delimited.
  3. Capability inventory: Shell execution through 'tmux', 'git', and 'brew'.
  4. Sanitization: Absent; user input is interpolated directly into shell command strings.
Recommendations
- AI detected serious security threats