cmux

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill documents a CLI option (--password PASSWORD) and multiple commands that take raw text/values (e.g., cookie/storage set, send, set-buffer) so an agent constructing cmux commands may need to include secret values verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly enables opening arbitrary URLs and extracting/inspecting page content (e.g., "cmux browser open [url]", "cmux browser get ... text|html|title", "cmux browser eval ") and also reading other terminal screens ("cmux read-screen"), which lets the agent ingest untrusted third‑party web/terminal content that could influence subsequent actions.