coding-agent
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The bash tool exposes an 'elevated' parameter that allows commands to run directly on the host system instead of a sandbox.
- [PROMPT_INJECTION]: Documentation encourages the use of the '--yolo' flag for Codex CLI, which explicitly disables sandboxing and auto-approvals, effectively bypassing safety constraints.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its repository cloning and PR review features. Ingestion points: 'git clone' and 'gh pr checkout' commands. Boundary markers: recommendations for using temporary directories and git worktrees. Capability inventory: 'bash' tool with 'elevated' host access and the 'process' tool for interactive session control. Sanitization: none detected.
- [REMOTE_CODE_EXECUTION]: Recommends the installation and execution of the '@mariozechner/pi-coding-agent' package from the NPM registry.
Audit Metadata