cmux-and-worktrees

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute bash .cmux/setup and various cmux commands. Executing local scripts is a security risk in agentic workflows as it allows for arbitrary command execution within the agent's environment.
  • [REMOTE_CODE_EXECUTION]: By instructing the agent to run scripts from the repository (such as .cmux/setup), the skill creates a pathway for executing code provided by external repository authors, which can lead to remote code execution if the repository source is malicious.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the .cmux/setup script. An attacker could influence the agent's actions by placing malicious instructions or commands inside this file, which the agent is trained to execute by default.
      • Ingestion points: The .cmux/setup script located in the repository root.
      • Boundary markers: None. The skill does not instruct the agent to inspect or validate the script's contents before execution.
      • Capability inventory: Shell execution (bash), file modification (echo to .gitignore), and use of the cmux CLI tool.
      • Sanitization: None. The agent executes the script directly.
  • [EXTERNAL_DOWNLOADS]: The cmux update command implies that the tool can download and install code from external sources. The origin, integrity, and safety of these updates are not specified or verified within the skill's instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 04:15 PM