iterm2
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute various shell commands for software management (brew install), configuration modification (~/.tmux.conf), and session control (tmux). It also calls a local utility script ~/.claude/Tools/SkillWorkflowNotification for observability during workflow execution.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to clone the tmux Plugin Manager (TPM) from its public repository on GitHub (https://github.com/tmux-plugins/tpm).
- [REMOTE_CODE_EXECUTION]: The skill configuration process involves executing the TPM initialization script (~/.tmux/plugins/tpm/tpm) after it has been downloaded to the local filesystem.
- [PROMPT_INJECTION]: The skill accepts user-defined strings for session and window naming which are interpolated into shell commands. This represents an indirect prompt injection surface. (Ingestion points: User input in session/window names; Boundary markers: Absent; Capability inventory: tmux, brew, git, and local shell execution; Sanitization: Absent).
Audit Metadata