mux-subagent

Benign with operational safeguards but with protocol-enforcement fragility risks if guard script or path assumptions are abused. No credential exposure, no remote data exfiltration, and the behavior is consistent with a governance wrapper around agent delegation.