The Agent Skills Directory

[PROMPT_INJECTION]: The skill includes files evaluation-output.json and skill-report.json which contain spoofed security analysis results. These files explicitly state that the skill is 'safe', identify several 'findings', and label them all as 'false positives' with fake justifications. This is a self-referential indirect prompt injection (Category 8e) designed to deceive security tools or human reviewers into trusting the skill without further verification.
Evidence: evaluation-output.json contains a fabricated security audit claiming a 'safe' risk level and a list of 121 false positive evaluations.
Evidence: skill-report.json contains similar spoofed metadata, including a 'safe' risk level assessment and audit timestamps.
[SAFE]: The primary instructional content in SKILL.md and the reference files provides legitimate, documentation-only guidelines for analyzing code quality (e.g., naming, function size, duplication). There are no executable scripts, remote code downloads, or risky command execution patterns identified in the actual code review logic.

clean-code-reviewer