tmux
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates direct interaction with shell environments through the use of
tmux send-keys. This allows the agent to execute arbitrary commands and keystrokes within any managed tmux session.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on processing raw terminal output which may include content from untrusted processes. - Ingestion points: Terminal output is ingested via the
tmux capture-panecommand inSKILL.mdand thescripts/wait-for-text.shutility script. - Boundary markers: No explicit delimiters or instructions are provided to the agent to help it distinguish between legitimate shell prompts and instructions embedded within captured terminal text.
- Capability inventory: The agent possesses the capability to execute shell commands, perform file system operations, and manage background processes through the tmux interface.
- Sanitization: Captured terminal content is not sanitized, escaped, or filtered before being returned to the agent's context.
Audit Metadata