agent-collaboration
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The setup documentation in 'references/smux-setup.md' contains a high-risk command idiom: 'curl -fsSL shawnpana.com/smux/install.sh | bash'. This pattern downloads and immediately executes a shell script from an unverified third-party domain, providing the remote server with full control over the user's shell session without integrity checks.- [EXTERNAL_DOWNLOADS]: The skill fetches installation assets and scripts from 'shawnpana.com', which is a third-party domain not identified as a trusted service provider or associated with the skill author.- [COMMAND_EXECUTION]: The skill relies on 'tmux-bridge keys Enter' to send keystrokes to other terminal panes. While intended for coordination, this capability allows the agent to execute arbitrary commands in other sessions, which can be exploited if the agent is influenced by malicious input.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes output from external tmux panes using 'tmux-bridge read'.
- Ingestion points: 'tmux-bridge read ' in SKILL.md and references/review-patterns.md.
- Boundary markers: Absent.
- Capability inventory: 'tmux-bridge keys', 'tmux-bridge message', and 'tmux-bridge name' in SKILL.md.
- Sanitization: Absent; the skill lacks mechanisms to escape or validate data retrieved from other panes before interacting with them.
Recommendations
- AI detected serious security threats
Audit Metadata