The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes subprocess.run in pr_analyzer.py and review_report_generator.py to execute local git commands and invoke its internal Python analysis scripts. These calls use argument lists and do not enable shell execution (shell=True), which effectively prevents shell injection vulnerabilities while performing its intended primary function.
[SAFE]: No network operations, data exfiltration, or unauthorized file access patterns were identified. The skill's operations are confined to the local repository path provided during execution.
[SAFE]: Although the skill includes references to sensitive patterns such as hardcoded secrets and SQL injection in common_antipatterns.md, these are used strictly as illustrative examples for detection and educational purposes within the context of code review, rather than as malicious instructions or credentials.
[SAFE]: The skill processes untrusted code files for review; however, since the analysis is performed using static regex-based patterns in Python scripts rather than direct LLM interpretation of instruction-like code, the risk of indirect prompt injection affecting the agent's core behavior is minimal.

code-reviewer