cmux-workspace
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
cmuxCLI to perform environment mutations, including creating panes (new-pane), sending keyboard input (send-key), and managing workspaces. - [COMMAND_EXECUTION]: It instructs the agent to execute local scripts (
./scripts/reload.shandios/scripts/reload.sh) found within the user's working directory to perform environment reloads. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading terminal output into the agent's context using the
cmux read-screencommand. - Ingestion points:
cmux read-screen(used inSKILL.mdto verify terminal state). - Boundary markers: Absent; there are no instructions to delimit terminal content or ignore embedded commands within the ingested data.
- Capability inventory: The agent has capabilities to execute shell commands (
cmux send), run local scripts (reload.sh), and open files (cmux open). - Sanitization: The skill does not specify any sanitization, filtering, or validation for the content read from the terminal screen before it is processed by the agent.
Audit Metadata