The Agent Skills Directory

[PROMPT_INJECTION]: The skill uses high-pressure, authoritative language to hijack the agent's decision-making process. It mandates that the agent 'ABSOLUTELY MUST' invoke its skills even if there is only a '1% chance' they apply, and explicitly defines a hierarchy where the 'Gangsta skills' override the default system prompt.
[REMOTE_CODE_EXECUTION]: In references/codex-tools.md, the skill describes a mechanism for 'Named agent dispatch' that involves reading external prompt files (e.g., agents/soldier.md) and using their content to spawn subagents. This dynamic loading and execution of instructions from arbitrary file paths creates a significant attack surface for executing untrusted instructions.
[COMMAND_EXECUTION]: The skill provides comprehensive tool mappings for four different platforms (Codex, Copilot CLI, Gemini CLI, and OpenCode), enabling the agent to perform extensive file system operations (Read, Write, Edit) and shell command execution (Bash, run_shell_command, bash).
[PROMPT_INJECTION]: The codex-tools.md file provides specific templates for subagent dispatch that use XML tags and task-delegation framing to ensure the model treats the injected content as 'authoritative', which is a technique used to bypass safety filters or system-level constraints.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes mappings for web-fetching tools (WebFetch, web_fetch, webfetch) and web-searching capabilities, which could be chained with its file-reading capabilities to exfiltrate data from the local environment.

using-gangsta