
magi

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external command-line interfaces (CLIs) to facilitate its 'Engine Mode' deliberation process. As documented in 'references/engine-deliberation-guide.md', the agent is instructed to run commands such as 'codex exec --full-auto' and 'gemini -p'. These commands are executed directly in the shell environment to interact with external AI providers.
  • [REMOTE_CODE_EXECUTION]: There is a critical vulnerability in how the agent constructs shell commands for external engines. The templates for Codex and Gemini prompts interpolate user-controlled variables—including 'subject', 'context_summary', and 'options'—directly into a shell command string. Without strict sanitization, an attacker could provide a decision subject containing shell metacharacters (e.g., backticks, semicolons, or pipes) to execute arbitrary code on the local system where the agent is running.
  • [EXTERNAL_DOWNLOADS]: The 'Engine Mode' functionality involves sending decision data and context to remote third-party services (OpenAI/Codex and Google/Gemini) and retrieving results. This constitutes an external data flow that may involve sensitive project information.
  • [PROMPT_INJECTION]: The skill processes untrusted user input as the core of its deliberation framing but lacks defensive boundary markers (such as XML tags or explicit 'ignore' delimiters) in its prompt templates. This exposes the internal deliberation logic to indirect prompt injection, where a user-provided decision request could contain instructions to bias the verdict or bypass the 'Always/Never' constraints defined in the skill body.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 08:28 AM