loom-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate utility for performing code audits and architectural reviews. It does not contain malicious code, instructions to bypass security filters, or hidden payloads.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is designed to ingest and analyze untrusted external code (via Read and Glob tools), which is an inherent attack surface for indirect prompt injection. However, given its primary purpose as a code review tool, this risk is documented as a baseline surface rather than a specific vulnerability.
    • Ingestion points: Code files identified via Glob and read via Read or Grep tools.
    • Boundary markers: None explicitly mentioned in the instructions to delimit target code from agent instructions.
    • Capability inventory: The skill has access to the Bash tool, allowing for potential command execution if the agent is coerced by malicious content in a reviewed file.
    • Sanitization: No explicit sanitization or filtering of external code content is described in the prompt logic.
  • [CREDENTIALS_UNSAFE]: The skill includes examples of hardcoded credentials (e.g., AWS Access Keys) and SQL injection patterns. These are explicitly provided as negative test cases for the agent to identify during reviews and are clearly marked as vulnerabilities to be fixed. They do not represent leaked credentials of the skill or its author.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 11:40 AM