tmux
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill allows for the remote control of tmux sessions, including sending literal keystrokes and commands via
tmux send-keys. This is a primary feature intended for orchestrating interactive terminal sessions and complex CLI tools. - [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design, as it captures terminal output and uses it to drive agent logic (e.g., polling for specific text strings or monitoring process completion).
- Ingestion points: Terminal output is ingested from tmux panes using
tmux capture-paneinSKILL.mdandscripts/wait-for-text.sh. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the captured terminal output.
- Capability inventory: The agent has the capability to execute any terminal command within the tmux session via
send-keys. - Sanitization: The captured terminal output is not sanitized or escaped before being processed by regex matching or used in agent decision-making loops.
Audit Metadata