tmux
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'tmux send-keys' command to interact with terminal sessions, which enables the execution of arbitrary shell commands within those sessions. This capability allows the agent to perform any action the current user has permissions for in the shell. Evidence is found in the 'Sending input safely' and 'Orchestrating Coding Agents' sections of SKILL.md.
- [DATA_EXFILTRATION]: The skill captures and reads terminal output using 'tmux capture-pane'. If sensitive information (such as credentials, API keys, or private configuration) is displayed in the terminal during a session, it becomes accessible to the agent. Evidence is found in SKILL.md and scripts/wait-for-text.sh.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes text from terminal panes that may be displaying untrusted data from external sources (e.g., file contents, web responses, or tool outputs). Ingestion points: Terminal output captured via 'tmux capture-pane' in SKILL.md and scripts/wait-for-text.sh. Boundary markers: The skill does not implement delimiters or 'ignore' instructions to separate terminal data from agent instructions. Capability inventory: The skill possesses terminal command execution capabilities via 'tmux send-keys'. Sanitization: No sanitization or validation of the captured terminal content is performed before it is returned to the agent context.
Audit Metadata