The Agent Skills Directory

[COMMAND_EXECUTION]: The managed-stop-dispatch.sh script, which is installed as a global agent hook, automatically discovers and executes bash scripts from the active workspace. Specifically, it executes scripts located at .codex/hooks/ralph-loop-stop.sh and .codex/hooks/cmux-stop-dispatch.sh without validation of the source or content.
Evidence: Found in scripts/managed-stop-dispatch.sh. The route_to_hook function pipes workspace-relative file content directly into bash for execution.
[COMMAND_EXECUTION]: The installation process modifies the agent's global environment by registering a persistent hook in ~/.codex/hooks.json and enabling hooks in ~/.codex/config.toml.
Evidence: scripts/install-user-scope.sh uses jq to modify the global hooks.json file and awk to modify the global config.toml file to ensure the dispatcher runs after every turn.
[PROMPT_INJECTION]: The skill implements an automatic continuation loop that is vulnerable to indirect prompt injection by interpolating user-controlled content into instructions for the model.
Ingestion points: User-provided task descriptions are captured via the --prompt argument in scripts/start-loop.sh and stored in a state file at .codex/ralph-loop-state.json.
Boundary markers: None. The task description is inserted directly into the continuation prompt in scripts/stop-hook.sh without delimiters or instructions to ignore embedded commands.
Capability inventory: The skill possesses capabilities for shell command execution, file system modification, and turn interception.
Sanitization: No sanitization or filtering is applied to the prompt content before it is fed back into the agent's context in subsequent turns.

ralph-loop