cmux

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly exposes browser automation (e.g., "cmux browser goto ", "cmux browser get-text", "cmux browser eval") which lets the agent navigate and read arbitrary public web pages and then act (e.g., send commands to workspaces), enabling untrusted third-party content to influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs running a sudo command to create a system-wide symlink (sudo ln -sf /usr/local/bin/cmux), and describes CLI/socket operations that modify system state and control other sessions, so it pushes the agent toward privileged changes.