cmux-customization

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include bash commands for file system inspection (test, sed), backup operations (cp, date), and interaction with the cmux CLI and sibling skill scripts (cmux-settings). These are standard administrative tasks for the skill's intended purpose.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading external, potentially untrusted configuration files (cmux.json) from the user's home directory or project folders.
      • Ingestion points: The skill reads ~/.config/cmux/cmux.json and .cmux/cmux.json using sed to ingest their contents into the agent's context.
      • Boundary markers: Absent. The content is loaded without delimiters or instructions to treat it as untrusted data.
      • Capability inventory: The skill has the ability to execute shell commands, edit files, and call other tools, which could be leveraged if a malicious payload in a configuration file successfully redirects the agent's behavior.
      • Sanitization: The skill includes a structural validation step for JSON but lacks content filtering or sanitization to prevent prompt-based attacks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 20, 2026, 02:48 PM