skills/kaiukov/cmux/cmux-workspace/Gen Agent Trust Hub

cmux-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and command reference utilize cmux send and cmux send-key to interact with shell environments and terminal surfaces. It also provides instructions for executing a local script ./scripts/reload.sh as part of development workflows for contributors.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by enabling the agent to ingest content from terminal surfaces via the cmux read-screen command.
      • Ingestion points: The cmux read-screen command (documented in references/commands.md) reads terminal content from a specified surface into the agent's context.
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the prompt templates provided in the skill.
      • Capability inventory: The skill possesses significant capabilities, including cmux send (command execution), cmux new-pane (environment modification), and the ability to execute local scripts like ./scripts/reload.sh (as seen in SKILL.md).
      • Sanitization: No evidence of sanitization or validation of the ingested terminal screen content is present in the provided instruction files.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 20, 2026, 02:47 PM