The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of exec_command to perform shell operations, including the management of background sessions and PTY (pseudo-terminal) allocation. It instructs the agent to run complex sequences of commands like mktemp, git init, and pnpm install across various directories.
[REMOTE_CODE_EXECUTION]: The skill facilitates delegated code execution through external AI agents (Codex, Claude, Pi). Critically, it encourages the use of the --yolo flag for the Codex CLI, which is explicitly described as having 'NO sandbox, NO approvals', allowing the sub-agent to execute arbitrary code on the host system without user intervention.
[EXTERNAL_DOWNLOADS]: The documentation recommends the installation of the @mariozechner/pi-coding-agent package via npm install -g. This points to a third-party repository not managed by a verified organization, introducing supply chain risk.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of untrusted external data during PR reviews and batch operations.
Ingestion points: Pull request content, diffs, and branch data fetched via git clone, gh pr checkout, and git fetch (SKILL.md).
Boundary markers: None identified; instructions do not provide delimiters or system instructions to the sub-agents to ignore embedded malicious content in the PRs being reviewed.
Capability inventory: The coding agents have full access to the shell via exec_command, the ability to write to files/processes via write_stdin, and network access via git and gh tools.
Sanitization: None identified; external content from PRs is passed directly to the LLM-powered agents for analysis and execution of suggested fixes.

coding-agent