The Agent Skills Directory

[COMMAND_EXECUTION]: The skill enables arbitrary shell command execution on the host system through several commands, including cmux send, cmux new-workspace --command, and cmux pipe-pane --command. This allows the agent to perform any action authorized for the current user in a terminal environment.
[REMOTE_CODE_EXECUTION]: The browser automation suite facilitates the execution of arbitrary JavaScript within web pages via browser eval, browser addinitscript, and browser addscript. Additionally, set-hook allows configuring automated command execution in response to system events, which can be leveraged for persistence or unintended side effects.
[DATA_EXFILTRATION]: The skill provides broad access to sensitive data, including the ability to read terminal screen content and scrollback history (read-screen, capture-pane), as well as browser-specific data such as cookies, storage, and network requests. This content can be captured and potentially transmitted externally by an agent.
[PROMPT_INJECTION]: There is a significant risk of indirect prompt injection because the agent is designed to process and act upon untrusted data from terminal outputs and web pages.
Ingestion points: Data enters the context via read-screen, capture-pane, and browser snapshot (accessibility trees).
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified in the provided reference.
Capability inventory: Extensive capabilities include shell execution (send), file interaction (via shell), and JS execution (browser eval).
Sanitization: No sanitization or validation of the ingested terminal/browser content is described.
[CREDENTIALS_UNSAFE]: The CLI reference documents support for socket authentication using a --password flag and the CMUX_SOCKET_PASSWORD environment variable. This pattern can lead to credentials being exposed in process listings, command history, or environment dumps.

cmux