cmux

SUSPICIOUS: the skill is coherent with its stated cmux orchestration purpose and uses a verifiable same-org install path, so it is not overtly malicious. However, it grants powerful agent-to-agent terminal control, screen reading, and browser automation that materially increase autonomy and prompt-injection risk, making it high-impact even without clear exfiltration behavior.