The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill uses the codex CLI with the --yolo flag to autonomously execute instructions derived from GitHub issues. This pattern allows for the execution of arbitrary code in a shell environment without user confirmation, which is dangerous if the source data (issue bodies) contains malicious content.
[COMMAND_EXECUTION]: The orchestrator uses tmux to manage background sessions and programmatically sends keyboard input using send-keys. It also automates file system and repository changes using git worktree, git push, and the gh CLI for pull request management.
[PROMPT_INJECTION]: By fetching external issue descriptions and passing them into AI prompts (e.g., in the Codex execution command), the skill is vulnerable to indirect prompt injection. An attacker with access to the GitHub repository could craft an issue that hijacks the orchestration logic to perform unauthorized actions.
[COMMAND_EXECUTION]: The skill establishes persistence by adding a heartbeat task to the system's cron scheduler. This recurring job automatically analyzes process status and executes self-healing commands, such as killing sessions or bypassing interactive prompts, which could be exploited to maintain unauthorized access or hide activity.

task-orchestrator