The Agent Skills Directory

[COMMAND_EXECUTION]: The template in code-reviewer.md uses shell command interpolation for git operations. The placeholders {BASE_SHA} and {HEAD_SHA} are directly embedded into git diff --stat {BASE_SHA}..{HEAD_SHA} and git diff {BASE_SHA}..{HEAD_SHA}. If these parameters are populated with untrusted input containing shell metacharacters, it could lead to arbitrary command execution in the agent's environment.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). The code-reviewer subagent processes external data (git diffs and requirement documents) without adequate security controls.
Ingestion points: Git diff output and external plan/requirement files defined by {PLAN_OR_REQUIREMENTS}.
Boundary markers: Absent. The instructions do not use delimiters or provide explicit warnings to the subagent to ignore instructions embedded within the code or documentation being reviewed.
Capability inventory: The agent has the capability to execute shell commands (git) and write responses based on its analysis.
Sanitization: No sanitization or validation of the ingested code or text is performed before it is presented to the subagent.

requesting-code-review