security-differential-review

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill defines a legitimate and useful methodology for reviewing pull requests and commits for security vulnerabilities. It utilizes standard command-line tools such as Git, jq, and npm audit in a manner consistent with industry best practices.
  • [PROMPT_INJECTION]: The skill was evaluated for its susceptibility to indirect prompt injection (Category 8) due to its core function of processing untrusted code diffs.
      • Ingestion points: The skill ingests untrusted code changes and commit messages via git diff and git log commands defined in SKILL.md.
      • Boundary markers: There are no explicit delimiters or boundary markers specified in SKILL.md to isolate the content of the diffs from the agent's instructions.
      • Capability inventory: The skill has access to shell execution (Bash) and file system operations (Read, Glob, Grep) as specified in the SKILL.md frontmatter.
      • Sanitization: The instructions do not include specific steps to sanitize or ignore instructions embedded within the code being reviewed.
      • Verdict justification: This vulnerability surface is an inherent part of the skill's primary purpose of reviewing external code; since no active exploitation or malicious behavior is present in the skill itself, this category is noted but does not escalate the verdict.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 03:52 PM