tmux-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill allows the agent to run arbitrary shell commands in other tmux panes using
tmux-cli execute. This is the primary function of the skill and intended for tasks like running builds and tests. - [EXTERNAL_DOWNLOADS] (LOW): The skill directs the user to install
claude-code-toolsusing theuvtool. This is an external dependency necessary for the skill's operation. - [INDIRECT_PROMPT_INJECTION] (LOW): The capability to communicate with other agents or scripts in different tmux panes (via
sendandcapture) creates an attack surface where a malicious process could inject instructions into the agent's context. 1. Ingestion points: Data captured from other tmux panes using thecapturecommand. 2. Boundary markers: Absent; the instructions do not provide delimiters or warnings to ignore embedded instructions in captured data. 3. Capability inventory: Shell command execution viatmux-cli execute. 4. Sanitization: Absent; the skill does not define methods for validating or escaping content received from external panes.
Audit Metadata