skills/leavesfly/tinyclaw/tmux/Gen Agent Trust Hub

tmux

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to remote-control terminal sessions by sending keystrokes and executing commands via tmux, including starting new sessions and sending input to panes.
  • [COMMAND_EXECUTION]: The documentation includes examples of using coding agents with --yolo or --full-auto flags, which promotes autonomous execution without user confirmation.
  • [DATA_EXPOSURE]: The skill uses tmux capture-pane to read terminal output and history, which can lead to the exposure of sensitive data displayed in the terminal by interactive processes.
  • [PROMPT_INJECTION]: By reading and reacting to output from terminal panes (e.g., using wait-for-text.sh), the skill introduces a surface for indirect prompt injection where malicious output from a compromised process could influence subsequent agent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:35 PM
Security Audit — agent-trust-hub — tmux