The Agent Skills Directory

[DATA_EXFILTRATION]: The skill dispatches project context and user-supplied topics to external AI providers. The 'Mother' agent uses the mcp__codex__codex tool to send prompts containing project files, notes, and file paths to OpenAI Codex. The 'Woman' agent uses the gemini CLI to send similar project context and file contents to Google Gemini. This behavior is central to the skill's purpose but involves transmitting potentially sensitive local information to third-party services.
[COMMAND_EXECUTION]: Instructs the agent to use the gemini CLI with an auto-approval flag. In references/gemini.md, the agent is directed to use the --yolo flag, which auto-approves all tool calls made by the Gemini model. This removes human oversight from actions performed by the external model, which could be problematic if the model is compromised or manipulated via prompt injection.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from repository files. Sub-agents are instructed to 'Gather project context' by reading files like CLAUDE.md, recent commits, and other project documentation to inform their brainstorming. Malicious instructions placed in these files by an attacker could influence the agents' behavior. Evidence includes file-reading instructions in personalities/MAGI-1.md and the checklists in references/codex.md and references/gemini.md. The skill uses XML-style tags for prompt structure but lacks explicit sanitization of file content.

magi-ex