The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes multiple local scripts using the uv run command, such as init_skill.py, quick_validate.py, and generate_openai_yaml.py. These scripts are part of the skill's internal infrastructure located in the codex/skills/.system/ directory.
[PROMPT_INJECTION]: The Seq Feedback Loop introduces an indirect prompt injection surface by reading historical session logs from ~/.codex/sessions to guide instructions updates. This data is inherently untrusted.
Ingestion points: Reads messages dataset from ~/.codex/sessions using the seq.py script.
Boundary markers: None provided; the skill consumes historical text directly to identify patterns for instruction refinement.
Capability inventory: The skill can modify its own SKILL.md file and other skills in the repository, and can execute various local Python scripts.
Sanitization: The skill does not specify any sanitization or validation process for the text content retrieved from session histories.

ms