Joycode
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could ask another AI coding tool to change project files automatically, which may introduce unwanted edits or broad changes if the user expected a review-only workflow.
The skill documents a full-auto mode that can edit files and also documents an approval-policy command, but it does not require explicit user approval, restrict file scope, or require reviewing diffs before applying changes.
`joycode-cli exec --full-auto "为 utils.ts 编写单元测试"` ... Full-auto mode (allows file editing) ... `/approvals` | Dynamically change the approval policy
Use full-auto mode only after explicit user approval, restrict it to the intended project/files, and review `git diff` before accepting changes.
Installing a global npm package can change the local development environment and runs code obtained outside this skill artifact.
The skill asks for a global npm installation of the JoyCode CLI without pinning a version. This is central to the skill, but it means the installed package source/version should be trusted separately.
npm install -g joycode-cli
Verify the npm package publisher and version before installing; prefer a pinned version or local/project-scoped install where possible.
Using the CLI may create or reuse JoyCode account credentials/session state on the machine.
The skill documents interactive login to a JoyCode account. This is expected for a provider CLI, and the artifacts do not show credential theft or unrelated credential use.
joycode-cli login
Log in only with the intended JoyCode account, understand what permissions the account grants, and use `/logout` when the session should not persist.
Prior prompts, code context, or generated summaries may influence later coding sessions if the CLI stores them.
The skill documents resuming and compacting prior JoyCode sessions, which implies persisted conversation/project context may be reused across tasks.
`joycode-cli resume --last` ... `joycode-cli resume <SESSION_ID>` ... `/compact` | Compress the conversation history
Start a new session for sensitive or unrelated projects, and review what session/history data JoyCode CLI stores or reuses.
