tmux
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides numerous examples for spawning background processes using `tmux new-session -d`. This allows an agent to execute arbitrary shell commands that persist in the background, potentially bypassing monitoring or execution time limits.
- REMOTE_CODE_EXECUTION (HIGH): The `tmux send-keys` functionality allows the agent to inject arbitrary input and commands into existing terminal sessions or interactive REPLs (like Python). This facilitates runtime code injection into active processes.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: Untrusted data enters the agent context via `tmux capture-pane -p`, which reads output from potentially attacker-controlled processes or logs.
  2. Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the captured output.
  3. Capability inventory: The skill possesses `new-session`, `send-keys`, and `pipe-pane` capabilities, allowing it to execute commands and write files.
  4. Sanitization: No sanitization or validation of captured terminal output is performed before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata