The Agent Skills Directory

[PROMPT_INJECTION]: The skill mandates an "Indirect Prompt Injection" surface via its "Live Docs First" workflow. It instructs the agent to fetch and process content from multiple external URLs—including OpenAI's official documentation and raw source-code files on GitHub—to verify hook events and parser behavior before generating a scaffold.
Ingestion points: Multiple external URLs listed in SKILL.md and assets/hook-events.json targeting developers.openai.com and raw.githubusercontent.com.
Boundary markers: Absent; the agent is directed to treat external content as the source of truth for planning and scaffolding logic.
Capability inventory: The skill uses scripts/scaffold_hooks.sh to generate executable bash scripts and scripts/merge_hooks_json.sh to modify project configuration files (.codex/hooks.json).
Sanitization: While the generation script scaffold_hooks.sh includes shell-escaping logic (escape_for_sed), there is no explicit prompt-level sanitization for the instructions or schemas ingested from the remote URLs.
[COMMAND_EXECUTION]: The skill relies on several local scripts to perform its primary functions, including repository auditing and configuration management.
Evidence: Use of subprocess.run in scripts/check_hooks_feature.py to query the codex CLI and shell scripts like scripts/audit_project.sh which utilize git, rg, and jq to profile the target project.
[EXTERNAL_DOWNLOADS]: The skill references and encourages the retrieval of documentation and technical specifications from external sources.
Evidence: References to official OpenAI GitHub repositories and documentation sites. These are used for legitimate verification of the Codex hook model and do not involve the execution of unverified remote code.

scaffold-codex-hooks