spec-review

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes git diff and git log commands to identify and extract code changes for analysis. These are legitimate operations for a code review tool and are confined to the local repository.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and interpreting untrusted content from diff outputs and external rule files.
    1. Ingestion points: The skill reads git diff data and files like review_rules.md, coding-rules.md, and design.md (Step 1, Step 2, Step 4).
    2. Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious commands embedded in the code or rules.
    3. Capability inventory: The skill performs local file read/write operations and executes git CLI commands.
    4. Sanitization: The instructions do not include logic for sanitizing or validating external input.
    The impact of such an injection is limited to producing deceptive review findings in the output report.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 08:56 AM