tmux-autopilot

Fail

Audited by Socket on Feb 27, 2026

1 alert found:

Malware (HIGH)
SKILL.md

This skill provides powerful, legitimate automation for managing tmux sessions (capture-pane, send-keys, broadcasting, pipe-pane, and reusing repo tmux configs). The capabilities are coherent with the stated purpose. However, the core actions (injecting keystrokes into arbitrary panes, broadcasting input to many panes, and replacing user tmux config via symlink/copy) carry substantial operational risk if misused or if the controlling agent is compromised or buggy. There is no technical enforcement of the listed MUST/SHOULD constraints; they are policy guidance. No obvious network exfiltration or download-execute supply-chain patterns are present in the text, and I found no obfuscated or outright malicious payloads. Recommended mitigations: restrict which panes/sessions the skill may target (whitelist and require explicit user confirmation for cross-session operations), avoid auto-symlinking repository configs without explicit consent, log and require human approval for broadcast/synchronize or multi-pane send-keys, rotate/limit any created worker processes (e.g., 'kiro-cli'), and protect stored pipe-pane logs. Overall: not clearly malicious but medium supply-chain/operational risk due to high-impact actions that can run arbitrary commands when targeted.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Feb 27, 2026, 03:24 AM
Package URL: pkg:socket/skills-sh/tukuaiai%2Fvibe-coding-cn%2Ftmux-autopilot%2F@574d09aa42f0cc8c1946a746dc45be10f6cd19af