agentic-review-handoff
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust 'Review Contract' that mandates evidence-based reporting. It requires findings to be explicitly tagged with their source (e.g., 'verified from code', 'verified from test output', or 'HYPOTHESIS'), which serves as a defensive mechanism against taking untrusted input at face value.
- [DATA_EXPOSURE]: The skill instructions specify a 'read-only by default' policy, explicitly instructing the agent not to edit files, commit, push, or rebase unless the user explicitly switches modes. This limits the potential impact of processing untrusted code diffs.
- [INDIRECT_PROMPT_INJECTION]: While the skill is designed to ingest and process untrusted data (code diffs and external reviewer feedback), it mitigates indirect injection risks by requiring the agent to independently verify all claims and classify unverified information as 'HYPOTHESIS' or 'inferred from prompt'.
Audit Metadata