tmux
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PRIVILEGE_ESCALATION]: Setup instructions for Linux and macOS involve the use of
sudo make installto perform system-wide installation of the tmux binary.\n- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: Fetches source code and packages from external GitHub repositories (github.com/tmux/tmux,github.com/psmux/psmux) to install the required tools for the skill.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses and potentially exposes interactive session content. The skill captures terminal output viacapture-pane, which may contain sensitive information like credentials. Furthermore, it suggests logging pane data to the/tmp/directory, which is a shared location accessible to other users on many systems.\n- [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection through terminal pane monitoring.\n - Ingestion points: Reads untrusted data from active terminal panes in
SKILL.mdandscripts/wait-for-text.sh.\n - Boundary markers: No delimiters or isolation instructions are present to distinguish terminal output from system prompts.\n
- Capability inventory: The agent has the ability to simulate keystrokes, execute shell commands, and write to the filesystem.\n
- Sanitization: Captured output is processed without evidence of escaping, filtering, or validation.
Audit Metadata