cmux
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
cmuxglobal Node.js package. Since this package is provided by the skill author (manaflow-ai), it is considered a vendor-owned resource and documented as standard functionality. - [COMMAND_EXECUTION]: The skill enables the execution of arbitrary shell commands and interactive terminal sessions within remote sandboxes using
cmux execandcmux pty. - [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface via browser automation features that read content from external websites.
- Ingestion points: Website content, accessibility trees, and screenshots retrieved through
cmux computer snapshotand related navigation commands inSKILL.md. - Boundary markers: The skill contains specific instructions regarding E2B URL safety, but lacks general delimiters or instructions to the agent to ignore commands embedded in retrieved web content.
- Capability inventory: The agent has the ability to execute remote commands (
cmux exec), transfer files (cmux upload,cmux download), and manage sandbox states (cmux delete). - Sanitization: No sanitization or content validation is defined for data fetched from external web pages before it is processed by the agent.
Audit Metadata