code-review-standards
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Static analysis identified keywords associated with arbitrary code execution (eval, exec, pickle.loads) in references/criteria-critical.md. Evaluation confirms these are educational examples within documentation intended to teach an agent what security vulnerabilities to look for during a code review, rather than executable code or malicious instructions within the skill itself.
- [SAFE]: The skill defines a protocol for the agent to ingest and analyze external code. While this creates an inherent surface for indirect prompt injection (where instructions embedded in the analyzed code could attempt to influence the agent), the skill itself provides no dangerous capabilities (it is configured with disable-model-invocation: true) and includes structured output requirements that help maintain agent focus.
Audit Metadata