tmux

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and instructs sending plaintext secrets in commands (e.g., tmx send "mypassword", sudo_password, and docker -e POSTGRES_PASSWORD=pass), which requires the agent to include secret values verbatim in outputs and poses high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly connects to arbitrary remote hosts and captures/interprets their terminal output (see SKILL.md "Pattern 1: SSH Sessions" and the scripts scripts/tmx.sh and scripts/tmx.ps1 where tmx sync/capture and Wait-ForPrompt read capture-pane output to decide when to proceed), so untrusted third-party content can drive prompt-detection and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs installing software with sudo, running privileged commands (including sending sudo passwords via tmux), and launching containers, which encourage and enable state-changing, privileged operations on the host.