The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to use the --yolo flag with the Codex CLI, which is described as a shortcut for --dangerously-bypass-approvals-and-sandbox. Bypassing these security controls allows the agent to execute arbitrary generated code without human oversight or technical restrictions.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the @mariozechner/pi-coding-agent package via npm install -g, which is a third-party dependency from a non-whitelisted source. It also utilizes pnpm install within temporary worktrees and clones external repositories using git clone.
[COMMAND_EXECUTION]: The skill utilizes a wide array of shell commands to manage background processes and interactive coding environments, including bash, tmux, git, and gh. It provides a mechanism to programmatically write to and kill these processes.
[PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface through its PR review workflow. (1) Ingestion points: Data enters the agent context via git clone and gh pr checkout of external code. (2) Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the recommended prompt templates. (3) Capability inventory: The skill possesses extensive capabilities including shell execution (bash), process control, and network interaction (gh). (4) Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the AI coding agents.

coding-agent