codex-review

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to gather project diffs and run an external review tool (codex exec review). It explicitly authorizes the agent to perform autonomous code modifications based on the tool's output for "warning" findings without human oversight.
  • [DATA_EXFILTRATION]: Source code logic and modifications are extracted via git diff and transmitted to an external service for processing. This involves sending proprietary or sensitive codebase information to a third-party model (specified as gpt-5.4).
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to guide users to install an external binary via Homebrew (brew install --cask codex). The legitimacy of this specific cask should be verified as it is a third-party dependency not explicitly tied to a well-known vendor.
  • [PROMPT_INJECTION]: The instructions contain a directive to bypass standard user-confirmation protocols for specific types of code changes, stating that "user confirmation is not required" when applying autonomous fixes.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the repository (file diffs and AGENTS.md) and passes it to an external LLM. Maliciously crafted comments or code in the diff could attempt to influence the agent's behavior during the review process.
      • Ingestion points: git diff output, AGENTS.md file content
      • Boundary markers: Absent; data is interpolated directly into the tool prompt
      • Capability inventory: Shell command execution, network access via codex CLI, and codebase write capabilities
      • Sanitization: None; raw diff content is passed to the external reviewer
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: May 7, 2026, 11:29 AM