cmux-terminal-multiplexer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples that embed plaintext secrets/tokens directly into commands (e.g., cookies set session_token "abc123", fill e2 "my-password", storage set myKey "myValue"), which encourages including secret values verbatim in generated commands/outputs and thus creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Browser Automation section in SKILL.md explicitly lets the agent open arbitrary URLs (cmux --json browser open ) and then read/ snapshot/ get text/ wait for text/ find and click elements (e.g., cmux browser get text body, snapshot --interactive, wait --text, click e1), which means the agent fetches and interprets untrusted third‑party web content that can change its subsequent actions.