game-sprite-pipeline
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/sprite_generate.py` invokes the `codex` CLI with the `--dangerously-bypass-approvals-and-sandbox` flag. This flag is explicitly used to disable security sandboxing and approval mechanisms within the Codex execution environment, which increases the risk of unauthorized system actions if the execution flow is compromised.
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8). User-provided character descriptions are interpolated into complex instructions for a chained AI agent without sanitization or clear boundary delimiters in `scripts/sprite_prompt.py`. Because the chained agent has the capability to perform file system operations (like `ls -la`) and is running with a sandbox bypass, a malicious description could potentially be used to execute unauthorized commands on the host.
- [COMMAND_EXECUTION]: The script `scripts/road_to_aew_integration.py` executes `npm run generate:sprites` using `subprocess.run`. This creates a dependency on the security and integrity of project-local configuration files and scripts, which could be exploited to run arbitrary code if the development environment is compromised.
Audit Metadata