tmux
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill references the Tmux Plugin Manager (TPM) in
references/configuration.md. - Evidence:
git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpmandrun '~/.tmux/plugins/tpm/tpm'. - The
tmux-pluginsorganization is not on the trusted GitHub organization list. While this is a standard and widely used tool in the tmux ecosystem, it involves downloading and executing third-party scripts at runtime. - COMMAND_EXECUTION (LOW): The skill provides numerous bash commands for session management and terminal control.
- Evidence:
tmux send-keys,tmux split-window, etc. throughoutSKILL.mdandreferences/commands.md. - These are necessary for the skill's purpose and do not appear to be used maliciously, but they represent a surface area for execution if the agent is given full shell access.
Audit Metadata