code-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Standard Tool Integration: The skill leverages common development utilities such as tsc, eslint, and oxlint to perform type-checking and linting. These tools are invoked locally via npx to validate the code being reviewed, which is a standard practice for automated code review agents.
- Direct Metadata Retrieval: To avoid using outdated information, the instructions direct the agent to read local project files such as node_modules/wrangler/config-schema.json and node_modules/@cloudflare/workers-types/index.d.ts. This ensures that the validation is performed against the specific versions of the platform APIs used in the user's project.
- Security Best Practices: The skill incorporates a dedicated security section that instructs the agent to flag hardcoded credentials, weak cryptographic implementations, and logic flaws in security-sensitive code (e.g., timing side-channels). This enhances the security posture of the reviewed code.
- Analysis of External Content: By design, the skill ingests and analyzes source code provided by the user. While processing external code inherently presents a surface for indirect prompt injection, the skill focuses on structural and semantic analysis, using automated linters to provide evidence-based feedback which helps mitigate the impact of such inputs.
Audit Metadata