codex-coworker

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the codex exec command with the --full-auto flag. This configuration enables the autonomous execution of shell commands and code generated by an LLM without manual intervention, which can be exploited to run malicious commands if the model is compromised or misled.
  • [COMMAND_EXECUTION]: The skill instructions recommend delegating tasks that include running build and test tools (e.g., pnpm typecheck, pnpm test, pnpm lint) based on AI-generated code. This creates a risk where the generated code could contain malicious payloads that are then executed locally during the 'quality gate' or testing phase.
  • [PROMPT_INJECTION]: The skill demonstrates vulnerability to Indirect Prompt Injection (Category 8) by creating a chain of delegation where untrusted data can influence the commands executed by sub-agents.
    ◦ Ingestion points: The prompt field in mcp__moonbridge__spawn_agent and the command-line arguments passed to codex exec in SKILL.md.
    ◦ Boundary markers: Absent. The provided templates do not use delimiters or explicit instructions to prevent the sub-agent from obeying embedded commands within the code it is meant to implement.
    ◦ Capability inventory: Full shell execution via codex exec --full-auto and execution of scripts via pnpm tools.
    ◦ Sanitization: Absent. The skill encourages passing instructions directly into the execution environment without validation or filtering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 04:47 AM