reviewing-changes
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional Markdown files and checklists. No executable code, shell scripts, or obfuscated content were found during the analysis.
- [DATA_EXFILTRATION]: While the skill mentions using JIRA and GitHub tools to retrieve PR context, these are standard operational requirements for a code review agent and are used for data retrieval rather than unauthorized exfiltration. No hardcoded credentials or access to sensitive file paths were detected.
- [PROMPT_INJECTION]: The skill operates on untrusted data by reviewing external pull requests and code diffs.
  - Ingestion points: Pull request titles, descriptions, and Kotlin/Gradle source files are processed as input.
  - Boundary markers: The provided documentation does not define specific delimiters for untrusted content.
  - Capability inventory: The agent can read repository files and use external project management tools (JIRA/GitHub).
  - Sanitization: No explicit sanitization of input text is mentioned. However, the systematic multi-pass strategy (Step 4) acts as a functional mitigation by grounding the LLM's output in predefined architectural and security checklists.
- [SAFE]: The security reference materials (reference/security-patterns.md) demonstrate a defensive posture, specifically flagging the storage of plaintext secrets and the logging of sensitive data as critical issues to be caught during review.