tmux-agent

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] Overall, the code fragment is benign and self-consistent with its stated purpose of tmux-based orchestration for Claude instances. It does not introduce external dependencies, credential handling, or data exfiltration; data reads are restricted to local pane state and outputs, and actions are tmux-API driven within the user’s session. LLM verification: This skill's capabilities are consistent with its stated purpose (tmux orchestration) but they are inherently powerful: it can read pane outputs and execute arbitrary commands in other panes. There are no external downloads or third-party network calls, so supply-chain compromise signals are absent. However, the skill provides mechanisms that, if misused or incorrectly escaped, could lead to command injection, unintended execution, or exposure of secrets visible in terminal sessions. Treat this