The Agent Skills Directory

[SAFE]: The skill instructions define a strictly read-only workflow. It explicitly forbids the agent from modifying source code, performing git mutations (like commits or pushes), or using the Edit tool on any project files.- [SAFE]: Data access is confined to the local project files within the working directory. The skill uses standard file system tools and specific read-only git subcommands (e.g., git diff, git status) to identify and analyze relevant SAP CAP project artifacts.- [SAFE]: The analysis logic is entirely grounded in a set of local reference files provided within the skill package. The agent is instructed to only report findings that explicitly match a Rule ID from these checklists, preventing it from inventing or hallucinating issues.- [SAFE]: No evidence of network exfiltration, hardcoded credentials, obfuscated code, or unauthorized external dependencies was found. The skill operates locally and writes only one specific report file (CAP-CODE-REVIEW.md).- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data (source code from the user's project). However, the risk is effectively managed by the structured workflow and the requirement to anchor all findings in the provided references/ documentation. Boundary markers are implicitly defined by the mandatory reporting structure and rule-matching logic.

sap-cap-code-review