Skills
skills/halfwhey/skills/tmux/Gen Agent Trust Hub

tmux

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses tmux send-keys and a helper script bin/send-tmux to execute arbitrary commands within terminal panes. This provides the agent with full shell access in the context of the tmux session.
  • [DATA_EXFILTRATION]: The skill uses bin/read-tmux to capture pane output. While intended for monitoring, this capability allows the agent to read any sensitive information displayed in the terminal, such as environment variables, configuration files, or database secrets.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from terminal panes without sanitization.
  • Ingestion points: Terminal output is read into the agent context via the bin/read-tmux script (referenced in SKILL.md).
  • Boundary markers: Absent. The skill does not provide instructions to wrap pane output in delimiters or to ignore embedded instructions within that output.
  • Capability inventory: The agent can execute commands (tmux send-keys, bin/send-tmux), manage the filesystem indirectly through the shell, and manipulate tmux sessions.
  • Sanitization: Absent. There is no mention of filtering, escaping, or validating the content read from terminal panes before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 09:44 PM