afk

SUSPICIOUS: the skill’s behavior is mostly aligned with its stated AFK orchestration purpose, but it grants an agent high-impact autonomous control over code, git history, and GitHub issue state. The biggest risks are autonomous real-world actions and prompt-injection from issue content feeding an agent that can edit, test, merge, push, and close issues.

No direct evidence of credential theft, data exfiltration, obfuscation, or classic in-script malware is present in this Bash code. However, it executes an AI runner with explicitly high privilege (`codex ... --sandbox danger-full-access --dangerously-bypass-approvals-and-sandbox`) and then auto-merges/pushes changes to origin/main based on AI output and limited test scripts. This is a substantial security risk and a plausible sabotage vector if an attacker can influence issue content/prompts or if the runner is compromised. Review the governance of issue labeling, runner trust, and codex sandbox bypass carefully before using this in a sensitive environment.