Trust Assessment
coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated Remote Script Execution via Base64, Bypassing Sandbox and Approvals with '--yolo' flag, Auto-Approval of Actions with '--full-auto' flag.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated Remote Script Execution via Base64.** The skill explicitly instructs the user to execute a base64-decoded command that downloads and runs an unverified script from a suspicious IP address (http://91.92.242.30) over plain HTTP. This allows arbitrary code execution from an untrusted source without any integrity checks (e.g., HTTPS, checksums), posing a severe supply chain risk and command injection vulnerability. Remediation: remove the instruction to execute the base64-encoded command. If an external installer is necessary, provide a secure, verified method (e.g., signed package, official repository, HTTPS with checksum verification) or instruct the user to install from a trusted source manually. | LLM | SKILL.md:12 |
| CRITICAL | **Bypassing Sandbox and Approvals with '--yolo' flag.** The skill explicitly instructs the agent to use the `codex --yolo` flag, which is described as 'NO sandbox, NO approvals (fastest, most dangerous)' and is a shortcut for `--dangerously-bypass-approvals-and-sandbox`. This flag completely disables the critical security mechanisms of the `codex` tool, allowing the agent to execute arbitrary commands on the host system without any sandboxing or human approval. This creates a direct path for command injection and excessive permissions. Remediation: remove all instructions and examples that use the `--yolo` or `--dangerously-bypass-approvals-and-sandbox` flags. Always ensure agents operate within a sandboxed environment and require explicit human approval for sensitive actions. | LLM | SKILL.md:40 |
| HIGH | **Auto-Approval of Actions with '--full-auto' flag.** The skill explicitly instructs the agent to use the `codex exec --full-auto` flag, which is described as 'sandboxed but auto-approves in workspace'. While the operation is sandboxed, the auto-approval mechanism removes a critical human oversight step. This allows the agent to make unreviewed changes within its workspace, which could lead to unintended modifications, introduction of vulnerabilities, or malicious actions if the agent is compromised or misinterprets instructions. Remediation: avoid using `--full-auto` for actions that modify the system or project. Implement a mechanism for human review and approval before changes are applied, even within a sandboxed environment. | LLM | SKILL.md:37 |
| MEDIUM | **Unverified Global Package Installation.** The skill instructs the user to install the `@mariozechner/pi-coding-agent` package globally via `npm install -g`. Installing global packages from unverified or less-known sources introduces a supply chain risk, as a malicious package could execute arbitrary code during installation or at runtime, affecting the entire system. Remediation: install packages locally (`npm install`) rather than globally where possible. If a global installation is necessary, provide clear instructions for verifying the package's integrity (e.g., checking checksums, reviewing source code, using official package registries) and warn users about the risks of installing unverified software. | LLM | SKILL.md:100 |