coding-agent
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Skill instructions include directives to hide actions from user

All findings:
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill is functionally coherent with its stated purpose (orchestrating Codex/Claude via tmux) but contains multiple high-risk operational patterns: explicit guidance to bypass sandboxes (--yolo / --dangerously-skip-permissions), run package installs (pnpm install) in ephemeral worktrees, and auto-approve shell tool usage. Those instructions greatly increase the chance of supply-chain compromise or credential exfiltration if misused or if dependencies are malicious. I classify the skill as SUSPICIOUS: acceptable for advanced internal automation only when strict guardrails are enforced (avoid --yolo, pin dependencies, limit --add-dir). Do not run examples that bypass sandboxes or auto-approve Bash without explicit, narrow justification and review.

LLM verification: This skill's stated purpose (orchestrating background AI agents via tmux) is coherent with its features, but it explicitly documents and encourages high-risk behaviors: disabling sandboxes/approvals (--yolo), running unpinned package installs, granting broad filesystem write access, and automating git commits/pushes. Those practices create a significant supply-chain and credential-forwarding risk. I classify the skill as suspicious/vulnerable rather than confirmed malware: it does not contain di