smux
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to send arbitrary keystrokes and commands to tmux panes via the tmux-bridge utility and raw tmux commands. This allows for automated interaction with shell sessions and background processes.
- [PROMPT_INJECTION]: The skill facilitates reading and acting on content from external terminal sessions, which introduces a surface for indirect prompt injection.
- Ingestion points: Data from external panes enters the agent's context through 'tmux-bridge read' (SKILL.md) and 'tmux capture-pane' (references/tmux.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided for terminal data.
- Capability inventory: The skill allows executing commands in other panes using 'tmux-bridge type/keys' and 'tmux send-keys' across all referenced files.
- Sanitization: No validation or sanitization of terminal output is performed before processing.
- [DATA_EXPOSURE]: The agent is capable of reading the full scrollback history and current output of any tmux pane, which is necessary for monitoring but requires caution if terminals contain sensitive information.
Audit Metadata