coding-agent
Fail
Audited by Socket on Mar 18, 2026
1 alert found:
Malware (HIGH): SKILL.md
SUSPICIOUS: the skill’s core purpose is coherent, but its footprint is high-risk for an agent skill because it orchestrates multiple external coding CLIs, forwards prompts and sometimes API keys to them, and enables autonomous code changes, pushes, PR creation, and public comments. Official vendor CLIs reduce malware confidence for Codex/Claude/OpenCode, but the third-party Pi package and dangerous autonomous workflows keep overall security risk elevated.
Confidence: 86%
Severity: 76%