cmux-cli
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent on using the `cmux send` and `cmux send-key` commands, which allow for the execution of arbitrary commands within terminal surfaces managed by the cmux application.
  - Evidence: Examples such as `cmux send --surface "${CMUX_SURFACE_ID:-}" "echo ok\n"` in `SKILL.md` and `references/commands.md` demonstrate this capability.
- [REMOTE_CODE_EXECUTION]: The CLI provides a set of commands for interacting with and executing code on virtual machines (VMs).
  - Evidence: The `cmux vm exec <vm-id> -- <command>` command listed in `references/commands.md` facilitates execution on remote or virtualized targets.
- [PROMPT_INJECTION]: The skill features an attack surface for indirect prompt injection as it ingests untrusted data that could influence subsequent agent actions.
  - Ingestion points: Untrusted content can be read from terminal outputs and web pages using `cmux read-screen`, `cmux capture-pane`, and `cmux browser snapshot` (referenced in `SKILL.md` and `references/commands.md`).
  - Capability inventory: The agent possesses the ability to execute commands through `cmux send` and `cmux vm exec` (found in `references/commands.md`).
  - Boundary markers: The instructions advocate for using the `--json` output format for automation, which provides structure but does not act as a security boundary against embedded instructions.
  - Sanitization: There are no explicit instructions for sanitizing or escaping the content retrieved from these ingestion points before it is processed.
Audit Metadata