ponytail-audit
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains no executable scripts, shell commands, or network requests. It functions solely as a prompt template for code review tasks and does not involve any dangerous execution patterns.
- [PROMPT_INJECTION]: Indirect Prompt Injection: The skill processes untrusted codebase data during its audit.
  - Ingestion point: Full repository tree (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Reporting only; the skill is restricted to text output and does not have execution or file-write capabilities.
  - Sanitization: Absent.

  The risk is considered minimal as the skill only generates a ranked list of suggestions and does not apply fixes.
Audit Metadata