tmux
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary shell commands and keystrokes within tmux sessions using
tmux send-keys. This is the primary purpose of the skill, enabling automation of TTY-based applications. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It captures terminal output using
tmux capture-paneand processes it to detect completion or state changes. Malicious content within that output (e.g., from logs or untrusted files) could influence the agent's behavior. - Ingestion points: Terminal history and output are read via
tmux capture-panein theSKILL.mdorchestration examples. - Boundary markers: There are no markers or specific instructions implemented to help the agent distinguish between process output and its own instructions.
- Capability inventory: The skill provides full shell access via tmux, allowing for file system operations, package management, and the execution of other agents.
- Sanitization: There is no evidence of sanitizing or escaping the captured output before it is interpreted by the agent.
Audit Metadata