tmux
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes 'tmux send-keys' to interact with interactive terminal sessions, which is the core functionality. This allows the agent to drive CLIs and REPLs by sending characters and control sequences.
- [DATA_EXFILTRATION]: The skill implements 'tmux capture-pane' to read the contents of terminal windows. This enables the agent to observe command outputs but also implies that any sensitive data (such as passwords or tokens) printed to the terminal session will be visible to the agent.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted text from terminal outputs. 1. Ingestion points: terminal output captured via 'capture-pane' in the scripts and markdown guidance. 2. Boundary markers: None present to distinguish output from instructions. 3. Capability inventory: The agent has the ability to execute arbitrary terminal commands via 'tmux send-keys'. 4. Sanitization: No evidence of escaping or filtering terminal content before processing. This is a low-risk inherent property of terminal-interaction skills.
Audit Metadata