tmux
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates arbitrary command execution in terminal sessions via the
tmux send-keyscommand. This provides the agent with the ability to interact directly with the underlying shell and execute any command. - [DATA_EXFILTRATION]: Using
tmux capture-pane, the skill can read and expose the entire history of a terminal session. This could lead to the exposure of sensitive data, such as credentials, session tokens, or private configuration details displayed in the terminal. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from terminal outputs.
- Ingestion points: The
scripts/wait-for-text.shscript and instructions inSKILL.md(viacapture-pane) read raw text directly from tmux panes. - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore embedded commands or instructions within the captured terminal text.
- Capability inventory: High. The skill can send arbitrary keystrokes to a shell (
send-keys), create or kill sessions, and manage background processes. - Sanitization: Absent. Captured terminal output is processed and interpreted by the agent without any sanitization, escaping, or validation.
Audit Metadata