cmux-settings
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script includes a subcommand to open the configuration file in an external text editor. It utilizes `subprocess.call` to execute commands derived from the `$EDITOR` environment variable or standard applications like VS Code or Cursor.
- [EXTERNAL_DOWNLOADS]: The skill documentation and script reference a configuration schema file hosted on the vendor's official GitHub repository (`manaflow-ai/cmux`). This is used for validating settings and as a reference for available configuration keys.
- [PROMPT_INJECTION]: The skill processes external data from the user's local `cmux.json` file, which constitutes an indirect prompt injection surface.
  - Ingestion points: The `dump` and `get` subcommands in `scripts/cmux-settings` read and output the contents of `~/.config/cmux/cmux.json`.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are present in the script's output.
  - Capability inventory: The skill can perform file system writes (`atomic_write`) and execute shell commands to open editors (`subprocess.call`).
  - Sanitization: Content is parsed as JSON, but string values are not sanitized for potential embedded instructions.
Audit Metadata