tmux
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to control terminal sessions by sending keystrokes and executing commands via
tmux. It includes helper scripts to discover sessions and monitor pane output for specific text patterns.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it ingests untrusted data from terminal output and lacks robust sanitization or boundary markers.\n - Ingestion points: Terminal output is ingested via
tmux capture-panein both theSKILL.mddocumentation examples and thescripts/wait-for-text.shscript.\n - Boundary markers: The instructions suggest relying on standard shell prompts (like
❯or$) to identify when a command has finished, but these can be easily spoofed by malicious output to trick the agent.\n - Capability inventory: The skill has the capability to execute arbitrary shell commands by sending keystrokes to an active session using
tmux send-keys.\n - Sanitization: The captured terminal output is processed using
grepwithout any escaping or validation to ensure it does not contain malicious instructions meant to manipulate the agent's behavior.
Audit Metadata