tmux-aware
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute arbitrary shell commands within TMUX panes using the
send-keysfunction. While intended for service management, this provides a mechanism for running any command. Evidence: The patterntmux send-keys -t "target" "command here" Enteris explicitly listed in the Command Reference in SKILL.md. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and analyzes terminal output which is considered untrusted data. 1. Ingestion points: Terminal history is read into the agent's context using
tmux capture-panein SKILL.md. 2. Boundary markers: No delimiters or "ignore" instructions are used when processing the captured terminal text. 3. Capability inventory: The agent has the ability to execute further shell commands viatmux send-keysbased on its analysis of the captured output. 4. Sanitization: There is no evidence of sanitization or validation of the captured terminal data before analysis.
Audit Metadata