skills/derek-x-wang/skills/cmux-team/Gen Agent Trust Hub

cmux-team

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection within the afk-runner.md and parallel-afk-runners.md modes. These modes instruct agents to fetch and process GitHub issue titles and bodies to automate development workflows. Since issue content can be provided by any external user, it could be used to inject instructions aimed at overriding agent behavior or performing unauthorized repository actions.
      • Ingestion points: The skill fetches external data using gh issue list in modes/afk-runner.md and modes/parallel-afk-runners.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the issue content are provided.
      • Capability inventory: The agents have access to shell command execution (bash), file system modification (git operations, code editing), and the ability to spawn additional sub-agents via the Agent tool.
      • Sanitization: No validation or sanitization of the fetched issue content is described before it is used to guide the agent's implementation tasks.
  • [COMMAND_EXECUTION]: The skill relies extensively on shell command execution (bash) to perform its primary functions. This includes environment detection, git worktree management, and interaction with the GitHub CLI (gh). This behavior is consistent with the skill's stated purpose as a developer tool for agent orchestration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 10:44 AM