The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation suggests installing the octocode-mcp package via npx. This is the official server package provided by the vendor for the skill's core functionality. Findings related to vendor-owned resources are considered standard setup procedures.\n- [COMMAND_EXECUTION]: The skill uses shell git commands (git status, git diff, git branch, git log) to identify changes in the local workspace. These commands are necessary for obtaining the context required for code reviews and are limited to metadata and diff retrieval.\n- [DATA_EXFILTRATION]: The skill accesses repository data through MCP tools and git to perform analysis. It writes review findings to local project directories (.octocode/). No unauthorized data transmission or exfiltration patterns were detected.\n- [PROMPT_INJECTION]: The skill processes untrusted data from Pull Requests and source code, creating a surface for indirect prompt injection.\n
Ingestion points: Pull Request metadata, comments, and code diffs (SKILL.md, execution-lifecycle.md).\n
Boundary markers: Absent. The skill uses a structured Phase system but does not define explicit delimiters for untrusted content.\n
Capability inventory: Shell command execution (git), local file writing, and repository exploration via MCP tools (SKILL.md).\n
Sanitization: Absent. No explicit filtering of external content is mentioned.

octocode-pull-request-reviewer