tmux
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill's primary functionality is to execute arbitrary commands and send keystrokes to terminal sessions via
tmux send-keys. While this is the intended use case, it provides the agent with full shell access within those sessions. - [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection Surface) The skill creates a feedback loop where terminal output is ingested and used to drive subsequent agent actions.
- Ingestion points: Untrusted data enters the agent's context through
tmux capture-panecalls inSKILL.mdand the polling mechanism inscripts/wait-for-text.sh. - Boundary markers: Absent. The documentation does not instruct the agent to use delimiters or specific safety instructions when processing captured terminal text.
- Capability inventory: High. The agent has the ability to perform file operations, network requests, and further command execution within the tmux session via
send-keys. - Sanitization: Absent. Terminal output is read and interpreted as raw text without validation or filtering for embedded instructions.
Audit Metadata