The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes tmux send-keys to run arbitrary shell commands in a user's tmux pane, which provides the agent with full command-line access under the user's permissions.
[DATA_EXFILTRATION]: The skill uses tmux capture-pane to retrieve the contents of the terminal buffer and scrollback history. This can lead to the exposure of sensitive data, such as secrets, credentials, or private logs, if they are visible in the terminal.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes terminal output that may contain untrusted data. * Ingestion points: Terminal content is read using tmux capture-pane as described in SKILL.md. * Boundary markers: There are no delimiters or specific instructions to ignore malicious commands embedded within the captured terminal output. * Capability inventory: The agent has unrestricted shell access via the tmux send-keys command. * Sanitization: The skill does not perform any validation or sanitization on the data captured from the terminal buffer before processing it.

tmux-session-manager