The Agent Skills Directory

[COMMAND_EXECUTION]: The skill documentation describes the use of the --yolo flag for the Codex CLI, which explicitly disables sandboxing and automatic approvals, allowing sub-agents to perform unreviewed modifications to the workspace.
[COMMAND_EXECUTION]: It documents an elevated: true parameter for the shell tool, which enables the agent to bypass standard sandbox restrictions and execute commands directly on the host machine.
[EXTERNAL_DOWNLOADS]: The skill recommends installing a third-party package (@mariozechner/pi-coding-agent) from an unverified source to provide additional agent capabilities.
[PROMPT_INJECTION]: The skill is designed to process untrusted external content (Pull Requests and cloned repositories), creating a surface for indirect prompt injection.
Ingestion points: Data enters the context through git clone and gh pr checkout commands used for code reviews and parallel fixes.
Boundary markers: The instructions lack directives for using boundary markers or "ignore embedded instructions" warnings when passing external data to sub-agents.
Capability inventory: The environment provides high-privilege capabilities, including the ability to spawn background shell processes and execute commands on the host.
Sanitization: There are no requirements or instructions provided for sanitizing or validating external repository content before processing.

coding-agent