multi-codex-orchestrator
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of shell scripts to manage git worktrees and apply patches. These scripts (e.g., spawn_agents.sh, merge_patches.sh) handle file paths and identifiers derived from a YAML plan file, which could lead to unintended repository modifications if the plan is malformed or maliciously crafted.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. The orchestration process depends on a plan.yaml file that defines goals and scopes for worker agents. If this plan is influenced or generated based on untrusted repository content, it could facilitate attacks where worker agents are coerced into performing unauthorized actions.
- [DATA_EXFILTRATION]: The orchestration model involves creating multiple copies of the target repository within the /tmp/ directory. While these operations are local, they increase the exposure of the source code to other processes and users on the system, potentially revealing sensitive information contained within the repository history or files.
Audit Metadata