codex-tmux-echo
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The primary function of this skill is to execute arbitrary commands and keystrokes within tmux sessions. While this is the intended purpose, it grants the agent significant control over the local shell environment. The skill mitigates this risk with a 'risk-gate' in `scripts/dispatch.sh` that checks for high-risk patterns like `sudo`, `rm -rf /`, and modifications to system directories.
- [DATA_EXFILTRATION]: The skill uses `tmux capture-pane` in `scripts/tmuxctl.sh` to read the contents of terminal windows. This is used for 'readiness' detection but could expose sensitive information (secrets, tokens) if they are displayed on the screen during a session.
- [PROMPT_INJECTION]: The skill includes instructions in `scripts/dispatch.sh` and `scripts/interactive_runner.sh` that direct the AI agent not to inspect the skill's own source code or scripts unless absolutely necessary. While likely intended to reduce distraction or token usage, it is a form of behavioral override.
- [INDIRECT_PROMPT_INJECTION]: The 'backchannel' reporting system allows output from one tmux session (worker) to be fed into another session (controller/scheduler). This creates a surface where untrusted data could influence the behavior of the controller agent.
  - Ingestion points: Data enters the agent context through the `report` subcommand in `scripts/tmuxctl.sh` and is processed by the scheduler instructions in `scripts/start_scheduler.sh`.
  - Boundary markers: The skill uses a specific prefix `ECHO-REPORT:` to identify incoming worker reports.
  - Capability inventory: The agent receiving the reports has the capability to execute system commands and dispatch further tasks via the `dispatch.sh` script.
  - Sanitization: The skill does not currently perform sanitization or escaping of the report content before it is injected into the controller's tmux pane.
Audit Metadata