Skills
skills/mitsuhiko/agent-stuff/tmux/Gen Agent Trust Hub

tmux

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill is designed to send arbitrary keystrokes to a shell using tmux send-keys, enabling the agent to execute any system command.
  • DATA_EXFILTRATION (HIGH): The use of tmux capture-pane allows the agent to read all output and history from a terminal session, which may contain sensitive credentials, environment variables, or private data.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it monitors terminal output to determine its next actions. Malicious output could be used to influence or override the agent's behavior.
  • Ingestion points: Terminal output scraped via tmux capture-pane and the wait-for-text.sh script.
  • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious content in the terminal output.
  • Capability inventory: Arbitrary command execution via tmux send-keys and session management.
  • Sanitization: None. Terminal output is processed as-is.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:16 PM