tmux-orchestration
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
tmuxcommands to manipulate the user's terminal environment. This includes sending keystrokes (send-keys) to other panes, spawning new windows or sessions, and broadcasting commands across multiple shells simultaneously. - [DATA_EXFILTRATION]: To function, the skill requires reading the visible content and scrollback of any
tmuxpane. This grants the agent access to any information currently displayed in other terminal windows, which may include sensitive data such as environment variables, API keys, or private source code visible in editors. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and interprets data from external panes (e.g., from other agents, REPLs, or process logs). Malicious content displayed in a monitored pane could be interpreted as instructions, potentially influencing the agent's behavior.
- Ingestion points: Capture of terminal output from arbitrary panes using
tmuxutilities. - Boundary markers: No technical delimiters or 'ignore' instructions are specified for the data ingested from other panes.
- Capability inventory: The skill allows the agent to execute shell commands, send keystrokes to any active process, and spawn new terminal sessions.
- Sanitization: There is no evidence of filtering or sanitizing the content read from external panes before it is processed by the agent.
Audit Metadata