tmux
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides shell scripts and detailed instructions for executing
tmuxcommands to manage interactive terminal sessions, send input, and scrape output history. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Terminal output is captured via
tmux capture-paneinSKILL.md,scripts/find-sessions.sh, andscripts/wait-for-text.sh. 2. Boundary markers: No explicit markers are used to distinguish terminal output from the agent's systemic instructions. 3. Capability inventory: The skill allows sending arbitrary keystrokes (tmux send-keys) and managing sessions (new-session,kill-session), which can be leveraged to execute commands. 4. Sanitization: Terminal data is captured and processed as raw text without validation or filtering for potential embedded commands or instructions.
Audit Metadata