coding-agent
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the bash tool to run CLI-based coding agents. It provides explicit warnings about using the --yolo flag, noting it as 'most dangerous' because it disables sandboxing and approval steps.
- [EXTERNAL_DOWNLOADS]: The documentation mentions installing '@mariozechner/pi-coding-agent' via NPM. This is a standard installation of a well-known developer tool from a public registry.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection when processing external repository data and Pull Requests.
  - Ingestion points: Untrusted content enters the context via 'codex review' and 'git diff' operations.
  - Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are included in the command templates.
  - Capability inventory: The system has full bash execution and file modification capabilities via the coding agents it wraps.
  - Sanitization: The skill relies on the underlying coding agents' own internal safety protocols without adding its own sanitization layer.
Audit Metadata