tmux-agents
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts (
spawn.sh,status.sh,check.sh) and usestmuxcommands to manage processes and inject input into terminal sessions viatmux send-keys. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it handles external input.
- Ingestion points: Data enters the agent context through the
<task>argument in thespawn.shscript and the instruction string in thetmux send-keyscommand. - Boundary markers: There are no delimited boundaries or instructions provided to the agent to disregard potentially malicious commands embedded in the task description.
- Capability inventory: The skill possesses the capability to execute shell scripts, create background terminal sessions, and inject keyboard events into those sessions.
- Sanitization: There is no evidence of sanitization or escaping of the task or instruction strings before they are processed by the shell or the agent.
- [SAFE]: The skill correctly identifies and uses well-known services, such as Homebrew for dependency management and Ollama for local model hosting.
Audit Metadata