The Agent Skills Directory

[SAFE]: The skill is a well-designed educational and utilitarian resource. It implements 'Progressive Disclosure' by using on-demand reference files for specific languages, which optimizes context window usage.
[COMMAND_EXECUTION]: The skill specifies the Bash tool in its allowed-tools frontmatter. The stated and practiced purpose is to run legitimate development commands such as linting, testing, and building to verify the quality of reviewed code. This is an appropriate capability for a code review tool.
[EXTERNAL_DOWNLOADS]: The WebFetch tool is included to allow the agent to consult official documentation and industry best practices. This aligns with the skill's purpose of providing 'excellence' in code review.
[PROMPT_INJECTION]: While the skill is designed to process untrusted pull request data (an indirect prompt injection surface), it includes an extensive security-review-guide.md and detailed language-specific checklists. These resources are specifically aimed at training the agent to detect and mitigate security risks, including injection attacks, in the code it analyzes.
Ingestion points: The skill processes pull request diffs and source code files (untrusted external data).
Boundary markers: The instructions mandate a structured four-phase review process and the use of specific severity labels (blocking, important, nit, etc.) to keep the agent's focus on objective analysis.
Capability inventory: The skill has access to Bash, WebFetch, Read, Grep, and Glob tools.
Sanitization: The skill relies on the agent's internal safety filters and the provided defensive checklists to safely evaluate external code rather than executing it directly.
[NO_CODE]: The included Python script scripts/pr-analyzer.py is a self-contained complexity calculator. It uses only standard library modules (re, argparse, dataclasses, etc.) and contains no network operations, file writes, or dynamic code execution patterns.

code-review-excellence