external-mindstudio-gitcode-code-reviewer
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches Pull Request metadata, diffs, and existing comments from the official GitCode API (api.gitcode.com). These network operations are strictly limited to the platform required for the skill's functionality.
- [COMMAND_EXECUTION]: The skill uses local shell commands via subprocess to perform Git operations such as git clone, git fetch, and git checkout in a temporary directory. It also utilizes ripgrep (rg) to search for code symbols and calling chains to provide context for reviews. These commands are executed within a restricted workspace and are standard for development-oriented agents.
- [DATA_EXFILTRATION]: The skill accesses a GitCode personal access token stored in the user's environment variables or global Git configuration. This sensitive credential is used exclusively for authentication with the GitCode API and is not transmitted to any unauthorized third-party services.
- [REMOTE_CODE_EXECUTION]: Automated scanner warnings regarding remote code execution are false positives. The Python scripts perform standard JSON parsing of API responses from GitCode to retrieve user profile data and PR information; no downloaded content is executed as a command or script.
- [PROMPT_INJECTION]: The skill processes external data from GitCode (PR descriptions and comments) which could theoretically contain adversarial instructions. However, the instructions in SKILL.md provide a robust analytical framework and structured reporting requirements that mitigate the risk of the agent accidentally obeying embedded commands.