skills/dagster-io/erk/cmux/Gen Agent Trust Hub

cmux

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill exposes the ability to execute arbitrary shell commands through the cmux new-workspace --command flag and the send command, which allows the agent to interact directly with terminal sessions.
  • [REMOTE_CODE_EXECUTION]: The documentation describes a pattern for executing external scripts using process substitution, specifically through the integration with the erk utility (e.g., source <(erk pr checkout <pr> --script)). This pattern facilitates the execution of code generated or retrieved by an external source at runtime.
  • [DATA_EXFILTRATION]: The browser subsystem includes commands to retrieve sensitive session information, including browser cookies get, browser storage local get, and browser storage session get. Additionally, the pipe-pane command allows for the redirection of terminal output to arbitrary external commands, creating a potential path for data exfiltration.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by providing commands that read untrusted content into the agent's context. Specifically, read-screen ingests terminal output, while browser snapshot and browser eval retrieve content from web pages. This data could contain malicious instructions designed to manipulate the agent's behavior.
  • [REMOTE_CODE_EXECUTION]: The browser eval, browser addscript, and browser addinitscript commands allow for the execution of arbitrary JavaScript within the browser surface, which can be used to manipulate web content or exfiltrate data from web sessions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 03:21 AM