tmuxinator
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent on how to use tmuxinator, a utility that executes arbitrary shell commands defined in configuration files through lifecycle hooks (such as `on_project_start`, `on_project_stop`, and `pre_window`) and pane command lists. Example commands in the documentation include `sudo systemctl start nginx`, `docker-compose`, and package manager commands.
- [PROMPT_INJECTION]: The skill describes support for 'Dynamic Configuration (ERB)', which allows arbitrary Ruby code execution during the configuration processing phase (e.g., `<%= ENV["USER"] %>`). This presents a dynamic code execution surface if the agent handles templates from untrusted sources.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection when an agent is tasked with creating, editing, or debugging configurations provided by third parties.
  - Ingestion points: Loading and processing `PROJECT.yml` configuration files from various filesystem locations (e.g., `~/.tmuxinator/`, `.tmuxinator.yml`) as described in SKILL.md.
  - Boundary markers: Absent. The instructions do not provide delimiters or logic for the agent to distinguish its own instructions from commands embedded within processed configuration files.
  - Capability inventory: Extensive shell execution capabilities including environment setup, process management, filesystem access, and remote access via SSH patterns.
  - Sanitization: Absent. No input validation or sanitization is specified for the configuration content processed by the tool.
Audit Metadata