cy-spec-peer-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads project-specific documentation (TechSpecs, ADRs, and research notes) to provide context for the review process. This information is processed through the compozy exec tool for reasoning. This behavior is consistent with the skill's stated purpose of technical review and does not involve unauthorized data transmission to external or untrusted domains.
- [COMMAND_EXECUTION]: The skill utilizes the vendor's compozy exec CLI tool to facilitate cross-LLM analysis. The command is constructed using local file paths and controlled logic. The workflow enforces a decision-gate where the user must explicitly choose which findings to incorporate before any automated file modifications occur, preventing unauthorized or autonomous system changes.
- [PROMPT_INJECTION]: The skill ingests technical specifications that could potentially contain adversarial instructions (Indirect Prompt Injection). This risk is mitigated by the use of a rigid architectural prompt template and a structured JSON output format. Furthermore, the mandatory user-directed incorporation step ensures that no LLM-generated recommendations are applied to the codebase without human review and approval.
Audit Metadata