tmux
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's documentation explicitly teaches and provides examples for sending sensitive credentials, such as sudo and SSH passwords, in plain text to terminal sessions using the send-keys functionality. This practice exposes credentials to process monitoring and shell history. Evidence includes examples like 'tmx send server "mypassword"' and 'tmx send prod "sudo_password"' in the SKILL.md file.
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to download and install binary utilities and add custom Scoop buckets from a personal GitHub repository (marlocarlo/psmux) that is not associated with a recognized trusted organization.
- [COMMAND_EXECUTION]: The helper scripts 'tmx.sh' and 'tmx.ps1' provide wrappers that facilitate the execution of arbitrary commands within tmux or psmux sessions.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by capturing raw terminal output and providing it back to the agent without any sanitization or boundary markers. Ingestion points: Output is read via 'tmux capture-pane' in both 'scripts/tmx.sh' and 'scripts/tmx.ps1'. Boundary markers: None are implemented. Capability inventory: The skill can execute arbitrary commands via 'send-keys' and manage system processes. Sanitization: No filtering or validation of the captured terminal content is performed.
Recommendations
- AI detected serious security threats
Audit Metadata