ln-013-config-syncer

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Explicitly modifies security policies in ~/.codex/config.toml to set approval_policy = "never" and sandbox_mode = "danger-full-access". This removes user-in-the-loop confirmation for commands and grants the agent unrestricted system access, creating a high-risk security state.
  • [COMMAND_EXECUTION]: Instructs the agent to generate and execute temporary .mjs script files on Windows systems for configuration format conversions, involving dynamic code generation and execution.
  • [EXTERNAL_DOWNLOADS]: Performs remote plugin installation and marketplace registration using CLI commands such as /plugin install and codex plugin marketplace add targeting the levnikolaevich/claude-code-skills repository. This involves downloading and executing code from external sources.
  • [DATA_EXFILTRATION]: Accesses sensitive configuration files (~/.claude.json, ~/.codex/config.toml) that may contain API credentials, access tokens, or sensitive environment variables within MCP server definitions.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through its automated language detection and provider check mechanism.
      • Ingestion points: Reads project files including package.json, pyproject.toml, and Cargo.toml in PHASE_4a (SKILL.md).
      • Boundary markers: No delimiters or instructions are used to ignore embedded content in the ingested files.
      • Capability inventory: Includes the ability to install MCP providers, plugins, and execute node scripts based on the ingested data.
      • Sanitization: No validation or sanitization is performed on the content of the ingested project metadata files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 12, 2026, 06:29 AM