codex-advisor

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard system tools including git, cat, rg, and find to gather workspace context such as file contents and version history. These are executed in a read-only capacity to facilitate code review.
  • [DATA_EXFILTRATION]: Workspace data including source code, diffs, and project rules from CLAUDE.md are transmitted to the mcp__codex-mcp__codex tool for processing. This transmission is central to the skill's function but involves sharing potentially sensitive project data with an external service provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: The skill ingests untrusted data from local files via cat, git logs, and git diffs.
      • Boundary markers: Absent. File contents and diffs are interpolated directly into the Codex prompt template without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agent has the ability to read arbitrary files and perform work based on user selections in Step 7, which could involve code modifications.
      • Sanitization: None. External data is not escaped or validated before being placed into the prompt context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 04:34 PM