codex-orchestration

This skill is functionally coherent as an orchestration guide, but it contains operational recommendations that reduce safety (e.g., 'YOLO config', skipping git checks, running background PTY sessions and arbitrary commands). Before installing, consider: - Do you control the agent environment and enforce approvals? If not, do NOT enable 'no approvals' behavior. - Audit what exec_command and write_stdin actually do in your runtime: what permissions and host access they have, and whether they are logged. - Avoid running this on systems with sensitive data or production hosts where background commands could persist. - Prefer disabling autonomous model invocation for this skill (set disableModelInvocation: true) unless you explicitly want the model to spawn exec jobs without manual oversight. - Require an approval step / human review before any long-running or persistent worker starts; disallow skipping repo checks unless you understand the implications. If you want to reduce risk, ask the publisher for a version that removes the 'YOLO' guidance and explicitly limits execution to read-only, sandboxed analyses, or provide explicit safety checks (e.g., require a human confirmation before any exec_command that writes files or spawns persistent processes). Additional useful information to change this assessment: the skill's source/homepage, who maintains it, what the exec_command/write_stdin implementation enforces (sandboxing, user permissions, logging), and whether your agent platform enforces an approvals workflow regardless of the guidance in SKILL.md.