tmux-processes
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill promotes the use of
tmux send-keysto execute commands. This pattern injects strings directly into an interactive shell session, which can bypass security constraints and makes it extremely difficult to sanitize inputs, potentially leading to arbitrary command execution if process names or commands are derived from untrusted project files. - [PROMPT_INJECTION] (HIGH): The skill establishes a significant surface for Indirect Prompt Injection (Category 8).
- Ingestion points: The skill uses
tmux capture-paneinSKILL.mdto read output from running processes back into the agent's context. - Boundary markers: No boundary markers or delimiters are suggested to isolate the captured output from the agent's instructions.
- Capability inventory: The patterns grant the agent the ability to execute new commands (
send-keys), stop processes (kill-session,C-c), and monitor system state. - Sanitization: There is no evidence of sanitization or filtering of the captured output; the agent is instructed to search for strings like "error" or "ready" within potentially attacker-controlled process logs.
Recommendations
- AI detected serious security threats
Audit Metadata