The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on executing tmux commands and shell scripts to manage sessions and interact with terminal applications. It includes instructions for parameterization and interaction with long-running processes, using best practices like the -- delimiter and literal string sending to minimize injection risks.- [DATA_EXFILTRATION]: The skill performs terminal scraping via tmux capture-pane and wait-for-text.sh. This process reads all content displayed in the tmux pane, potentially including sensitive information, environment variables, or secrets if they are printed to the console during session activity.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). The agent's decision-making loop involves polling terminal output for specific patterns. Maliciously crafted output from a command executed within the session could be interpreted as instructions, potentially leading to agent subversion.
Ingestion points: Terminal output is ingested via scripts/wait-for-text.sh and the capture-pane command described in SKILL.md.
Boundary markers: No explicit boundary markers or "ignore instructions" directives are used when processing the scraped terminal output.
Capability inventory: The agent has the capability to execute arbitrary shell commands via the tmux interface and local shell.
Sanitization: No sanitization or filtering of the captured terminal content is performed before it is processed by the agent.

tmux