zmx
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'zmx' command-line tool to execute shell commands within persistent terminal sessions via the 'attach' and 'run' subcommands.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing terminal scrollback history. * Ingestion points: Terminal output is ingested into the agent context via 'zmx history' (SKILL.md). * Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the terminal history. * Capability inventory: The skill has the capability to execute shell commands and manage processes via 'zmx'. * Sanitization: There is no evidence of sanitization or filtering of the terminal history data before it is processed by the agent.
Audit Metadata