coding-agent
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill defines a parameter `elevated: boolean` described as 'Run on host instead of sandbox'. It also explicitly instructs the use of the `--yolo` flag for Codex, which is described as 'NO sandbox, NO approvals'. These features allow for unconstrained command execution on the host system.
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation includes instructions for installing external packages via `npm install -g @mariozechner/pi-coding-agent` and routinely uses `git clone` to pull external repository data for processing.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection) risk is present because the skill is designed to ingest data from untrusted sources like GitHub PRs and external repositories.
  - Ingestion points: Git clones and `gh pr checkout` commands used for 'Batch PR Reviews'.
  - Boundary markers: None explicitly used to wrap untrusted content, though `workdir` is used for process isolation.
  - Capability inventory: Extensive bash capabilities including `pty`, `background` execution, and `elevated` host access.
  - Sanitization: No sanitization of external code or PR content before it is processed by the coding agents.
Audit Metadata