The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to perform git operations, including git status, git diff, and git rev-parse. These are standard operations for determining the scope of code changes for review.
[DATA_EXFILTRATION]: The repo-hygiene sub-agent is specifically programmed to search for sensitive information such as API keys, tokens, and private keys (e.g., AKIA..., ghp_..., BEGIN RSA PRIVATE KEY). This behavior is consistent with the skill's stated purpose of auditing code for security risks. No network exfiltration was detected; findings are aggregated into a local REVIEW.md file.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted local code. Malicious instructions embedded in code comments or strings could potentially influence the reviewer agents. The skill's multi-agent architecture and verification pass provide some structural mitigation, and the risk is assessed as low given the local context.
Ingestion points: Local source code files and git diffs identified in Phase 1.
Boundary markers: None explicitly defined in the prompts to distinguish code from instructions.
Capability inventory: Bash, Write, and Task tools available across all scripts.
Sanitization: No evidence of input sanitization or filtering of the code being reviewed.
[SAFE]: The skill implements security best practices by identifying hardcoded credentials and advising the user on proper remediation, such as using environment variables and .env.example templates.

code-review