coding-agent
Audited by Socket on Feb 23, 2026
1 alert found:
Malware [Skill Scanner]: Instruction directing agent to run/execute external content

All findings:
[CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

Analysis: The file is an operations/manual-style manifest for running interactive coding agents and is not itself malicious code. However, it prescribes risky operational patterns — notably '--yolo' (no sandbox), immediate unverified installs and execution, automated commit/push flows, and outbound notifications — that materially increase supply-chain, credential, and exfiltration risk when executed or automated.

Recommendation: treat this as medium-risk guidance; enforce safeguards (no --yolo in automated contexts, pin & verify dependencies, require interactive approvals for commits/pushes, restrict outbound notification hooks, isolate agent runtime and credentials) before using in production or automation.

LLM verification: The file is a comprehensive operational guide for running interactive coding agents, but it promotes several high-risk behaviors: disabling sandbox/approval controls (--yolo, --full-auto), performing unpinned third-party installs, running unsupervised background agents with push capability, and forwarding logs/notifications to external endpoints. I did not find explicit obfuscated malware code in the text, but the operational guidance materially increases the risk of credential exposure, data ex