tmux
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
tmuxcommand-line tool to manage sessions and send keys directly to terminal panes. This functionality is the core of the skill and allows the agent to execute arbitrary shell commands within the tmux environment. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it captures output from terminal panes using
tmux capture-paneand processes it via helper scripts. If the terminal displays untrusted content (e.g., log files, web pages, or output from other tools), that content could contain instructions that influence the agent's behavior. - Ingestion points: Terminal output is ingested via
SKILL.mdexamples and thescripts/wait-for-text.shscript which polls pane history. - Boundary markers: The skill does not provide clear delimiters or instructions to the agent to treat scraped terminal output as untrusted data.
- Capability inventory: The agent can interact with a shell (
tmux send-keys), interact with the file system through that shell, and read terminal history. - Sanitization: There is no sanitization or filtering of captured terminal text before it is returned to the agent context.
Audit Metadata