cmux-help
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions on using
cmux sendandcmux new-workspace --commandto execute arbitrary shell commands within the terminal surfaces. - [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by documenting how to read untrusted external data from terminal outputs (
cmux read-screen) and web content (cmux browser snapshot). - Ingestion points: Terminal output via
read-screenand web page content via browser snapshot and get commands. - Boundary markers: Not specified in the documentation.
- Capability inventory: Shell command execution (
send,new-workspace), browser interaction (click,fill,eval), and file system operations (state save/load). - Sanitization: No sanitization or validation mechanisms are described for ingested content.
- [CREDENTIALS_UNSAFE]: Usage examples in the documentation reference sensitive file paths, including SSH identity files (
~/.ssh/id_ed25519) and browser authentication state files (~/auth-state.json).
Audit Metadata