cmux-ref
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the cmux CLI tool to interact with the environment, including reading screen content via 'read-screen' and sending input to terminals using the 'send' command.
- [PROMPT_INJECTION]: The skill processes user-pasted topology identifiers (refs and IDs) and uses them as routing context for agent actions.
- Ingestion points: User-pasted text blocks in chat or terminal (SKILL.md).
- Boundary markers: None; identifiers are parsed directly from free-form user pastes.
- Capability inventory: Full terminal and workspace interaction via cmux (read-screen, send, open, new-surface).
- Sanitization: Identifiers are extracted using a restrictive regex ([A-Za-z0-9:-]+), which effectively prevents the injection of shell metacharacters into the CLI commands.
Audit Metadata