tmux
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive capabilities to send arbitrary keystrokes to any active tmux session via the 'tmux send-keys' command. This allows the agent to execute any command within those sessions with the user's current privileges.
- [DATA_EXFILTRATION]: The skill facilitates capturing the entire scrollback history of terminal panes using 'tmux capture-pane -S -'. This functionality can be used to harvest sensitive information that has appeared in the terminal, such as environment variables, API keys, credentials, or private file contents.
- [COMMAND_EXECUTION]: The instructions explicitly describe patterns for automating responses to interactive prompts (e.g., 'Approve Claude Code Prompt' by sending 'y' and Enter). This capability can be used to bypass security-critical human-in-the-loop confirmations for other automated processes.
- [PROMPT_INJECTION]: Monitoring terminal output introduces a significant indirect prompt injection surface. Because the skill scrapes output from arbitrary panes (Ingestion: tmux capture-pane), any untrusted or adversarial content displayed in a terminal could be interpreted by the agent as instructions, potentially leading to unauthorized command execution (Capabilities: tmux send-keys) without adequate boundary markers or sanitization.
Audit Metadata