tmux-agents
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes internal shell scripts (
spawn.sh,status.sh,check.sh) and thetmuxsystem utility to manage background coding processes. - [EXTERNAL_DOWNLOADS]: The skill configuration includes a step to install the
tmuxbinary using the Homebrew (brew) package manager during the installation process. - [PROMPT_INJECTION]: The skill acts as a wrapper for local and cloud-based AI agents and accepts user-defined tasks that are passed to these agents, creating a surface for indirect prompt injection. * Ingestion points: User input provided via the
<task>argument in thespawn.shcommand. * Boundary markers: The documentation does not define any delimiters or instructions to isolate user input from the agent's core instructions. * Capability inventory: The agents managed by this skill can perform code modifications, refactoring, and research, and can interact with local systems via Ollama or cloud APIs. * Sanitization: No sanitization or validation of the input task is described in the provided skill file.
Audit Metadata