skills/flora131/atomic/tmux/Gen Agent Trust Hub

tmux

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PRIVILEGE_ESCALATION]: Setup instructions for Linux and macOS involve the use of sudo make install to perform system-wide installation of the tmux binary.\n- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Fetches source code and packages from external GitHub repositories (github.com/tmux/tmux, github.com/psmux/psmux) to install the required tools for the skill.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses and potentially exposes interactive session content. The skill captures terminal output via capture-pane, which may contain sensitive information like credentials. Furthermore, it suggests logging pane data to the /tmp/ directory, which is a shared location accessible to other users on many systems.\n- [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection through terminal pane monitoring.\n
  • Ingestion points: Reads untrusted data from active terminal panes in SKILL.md and scripts/wait-for-text.sh.\n
  • Boundary markers: No delimiters or isolation instructions are present to distinguish terminal output from system prompts.\n
  • Capability inventory: The agent has the ability to simulate keystrokes, execute shell commands, and write to the filesystem.\n
  • Sanitization: Captured output is processed without evidence of escaping, filtering, or validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 05:41 PM
Security Audit — agent-trust-hub — tmux