codex-review-cycle
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations using git and a local Node.js script. It passes arguments through a quoted heredoc with argv separation, which eliminates the risk of command injection from user-provided text or repository content.
- [PROMPT_INJECTION]: The skill includes extensive instructions for handling untrusted data. It uses XML CDATA wrappers and explicit directives to ensure that content from git diffs, commit messages, and external files is treated as inert reference material rather than executable instructions. This mitigates the risk of indirect prompt injection from repository content. (1) Ingestion: Commit messages, diffs, and file reads. (2) Boundaries: XML/CDATA and inert data markers. (3) Capabilities: Git/Node subprocesses, file-write. (4) Sanitization: Redaction overlay via review-scope-guard.
- [DATA_EXFILTRATION]: To prevent the leakage of sensitive information, the skill utilizes a 'Secret Hygiene' overlay that automatically redacts credentials from code and review findings before they are presented to the user or an LLM reviewer.
- [EXTERNAL_DOWNLOADS]: During the validity check phase, the skill can fetch documentation from well-known and trusted package registries (e.g., npm, PyPI, Crates.io) and specific version-pinned source repositories. This process is strictly controlled to ensure only public, unauthenticated content is retrieved from verified origins.
Audit Metadata