coding-agent

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses autonomous agent CLIs (codex, claude) with flags that bypass interactive permissions (--yolo, --dangerously-skip-permissions). This grants the agents broad authority to modify the filesystem and execute system commands as part of their primary implementation functions.
  • [EXTERNAL_DOWNLOADS]: Installation instructions and setup scripts (README.md, scripts/doctor) reference official distribution channels (NPM, Homebrew) for well-known development tools including gh (GitHub CLI), @openai/codex, and @anthropic-ai/claude-code.
  • [PROMPT_INJECTION]: The skill's architecture is susceptible to indirect prompt injection when processing untrusted codebases or plan files.
    - Ingestion points: External data enters the system through scripts/code-plan (via user requests) and scripts/code-implement (via plan artifacts stored in .ai/plans/*.md).
    - Boundary markers: Instructions are separated from data using Markdown headers and specific text labels within the system prompts (e.g., PLAN CONTENT).
    - Capability inventory: The skill possesses extensive capabilities, including file read/write and arbitrary command execution through its integrated agent CLIs.
    - Sanitization: The scripts/code-implement utility enforces a human-in-the-loop approval gate before executing a generated plan, providing a manual check against potentially malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 10:18 AM