Gen Agent Trust Hub audit of skills/steipete/clawdis/coding-agent

coding-agent

Verdict: Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute external binaries via the bash tool. It explicitly documents and provides examples for high-risk flags such as --yolo (described as "NO sandbox, NO approvals") for the Codex CLI. Additionally, it lists an elevated parameter for the bash tool intended to bypass standard sandboxing.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of a third-party Node.js package @mariozechner/pi-coding-agent via a global npm installation command without version pinning.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates a workflow where an AI agent generates and executes code through sub-agents (Codex, Claude Code, Pi). While this is the primary functionality, it creates a broad and powerful execution surface on the host system or within the sandbox.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its PR review capabilities. It processes untrusted data from external repositories which could contain malicious instructions designed to be interpreted by the coding agents.
      • Ingestion points: External code is pulled into the environment via git clone and gh pr checkout commands.
      • Boundary markers: The instructions do not define strict delimiters or clear instructions to the sub-agents to ignore embedded prompts in the code being reviewed.
      • Capability inventory: The skill has access to the bash and process tools, allowing for file system modification, network access, and background process management.
      • Sanitization: There is no evidence of content sanitization or validation for the data retrieved from external pull requests.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 02:40 PM