tmux
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill captures raw terminal output, which is a common vector for indirect prompt injection if the terminal displays content from untrusted sources.
- Ingestion points: Terminal output is ingested via
tmux capture-paneinscripts/wait-for-text.shand examples inSKILL.md. - Boundary markers: Absent. The captured text is not delimited to prevent the agent from interpreting embedded instructions as its own.
- Capability inventory: Arbitrary command execution is possible via
tmux send-keys(SKILL.md) and pane manipulation is performed inscripts/find-sessions.shandscripts/wait-for-text.sh. - Sanitization: No sanitization or filtering is applied to the captured terminal data.
- Command Execution (SAFE): The skill facilitates command execution as its primary intended function. It does not exhibit suspicious privilege escalation or unauthorized remote code execution patterns.
Audit Metadata