skills/manaflow-ai/cmux/cmux-settings/Gen Agent Trust Hub

cmux-settings

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script includes a subcommand to open the configuration file in an external text editor. It utilizes subprocess.call to execute commands derived from the $EDITOR environment variable or standard applications like VS Code or Cursor.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and script reference a configuration schema file hosted on the vendor's official GitHub repository (manaflow-ai/cmux). This is used for validating settings and as a reference for available configuration keys.
  • [PROMPT_INJECTION]: The skill processes external data from the user's local cmux.json file, which constitutes an indirect prompt injection surface.
  • Ingestion points: The dump and get subcommands in scripts/cmux-settings read and output the contents of ~/.config/cmux/cmux.json.
  • Boundary markers: No specific boundary markers or 'ignore' instructions are present in the script's output.
  • Capability inventory: The skill can perform file system writes (atomic_write) and execute shell commands to open editors (subprocess.call).
  • Sanitization: Content is parsed as JSON, but string values are not sanitized for potential embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 02:53 PM
Security Audit — agent-trust-hub — cmux-settings