beforemerge-fullstack-architecture-review
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of Markdown documentation files providing guidelines on software architecture (SOLID, DRY), performance, and security hardening (CSRF, Rate Limiting). It does not contain executable scripts or active components that could perform malicious actions.
- [PROMPT_INJECTION]: No behavioral overrides, jailbreak attempts, or instructions to bypass safety filters were detected. The instructional language is strictly limited to providing technical guidance for code reviews.
- [DATA_EXFILTRATION]: There are no hardcoded secrets, API keys, or patterns that attempt to access sensitive local files (e.g., .env or SSH keys). All network-related examples in the documentation refer to legitimate, well-known services like Upstash or Next.js.
- [REMOTE_CODE_EXECUTION]: No patterns of downloading and executing arbitrary remote scripts (such as curl | bash) were found. The installation instruction in the README uses the standard npx skills add command, which is external to the agent's runtime execution.
- [INDIRECT_PROMPT_INJECTION]: As a code review skill, the agent is inherently exposed to untrusted user-provided code. However, the skill itself does not provide mechanisms that would escalate the risk of the agent obeying instructions embedded in the code it reviews beyond the standard risks associated with any LLM-based code analysis task.
Audit Metadata