coding-agent
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is primarily designed to execute shell commands using the bash and process tools to manage external agents.
- [PROMPT_INJECTION]: Instructions explicitly direct the agent to bypass safety and permission constraints of sub-tools using flags like --permission-mode bypassPermissions for Claude and --yolo (described as 'NO sandbox, NO approvals') or --full-auto for Codex.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of external AI agents which autonomously generate and execute code on the host system or in specified work directories.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing external packages from npm, including @mariozechner/pi-coding-agent, which is an unverified third-party dependency.
- [DATA_EXFILTRATION]: While the skill includes warnings against running in internal state directories to prevent 'reading your soul docs', the suggested use of background processes with PTY access and 'yolo' mode creates a significant surface for unauthorized file access and data leakage.
Recommendations
- AI detected serious security threats
Audit Metadata