tmux-autopilot
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily utilizes 'tmux send-keys' to inject and execute commands in terminal panes based on automated scripts. It also prescribes the modification of the user's '~/.tmux.conf' by symlinking it to a specific local directory path ('/home/lenovo/zip/vibe-coding-cn/repo/.tmux/'), which alters persistent environment behavior.
- [EXTERNAL_DOWNLOADS]: The documentation provides explicit examples for installing the 'skill-seekers' package via package managers (pip/uv) and downloading remote repository content from GitHub.
- [PROMPT_INJECTION]: The skill implements an automated 'rescue' pattern that captures terminal output using 'tmux capture-pane' and programmatically responds to identified strings (e.g., automatically sending 'y' to '(y/n)' prompts). This creates a surface for indirect prompt injection if malicious content is displayed in the terminal.
  - Ingestion points: SKILL.md and references/examples.md (utilizing 'tmux capture-pane').
  - Boundary markers: None present in the provided scripts or instructions.
  - Capability inventory: 'tmux send-keys' (arbitrary command execution), 'ln -sfn' (filesystem symlink modification), and 'cp' (file creation).
  - Sanitization: None; the logic relies on simple substring matching with 'grep'.