tmux
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill implements functionality to send keystrokes and commands to tmux panes via
tmux send-keys. The scriptsfind-sessions.shandwait-for-text.shuse shell arrays and double-quoting for all variables (e.g.,"$target","$pattern"), which effectively prevents shell metacharacter injection. - [DATA_EXFILTRATION]: The skill has the capability to capture terminal output and scrollback history using
tmux capture-pane. This is an intended feature for monitoring sessions, but users should be aware that any sensitive information (such as credentials or keys) printed to a monitored tmux pane will be visible to the agent. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The agent ingests external, untrusted data via
tmux capture-panein both theSKILL.mdexamples and thewait-for-text.shscript. - Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore instructions embedded in the captured terminal output.
- Capability inventory: The skill provides high-privilege capabilities including the ability to send arbitrary input to terminal sessions and execution of shell commands.
- Sanitization: No sanitization or filtering of the captured terminal text is performed before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of the
tmuxbinary viabrew. This targets a well-known package manager and a standard utility, representing no significant security risk.
Audit Metadata