The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes local command-line tools including git (for diffing), gh (GitHub CLI for branch resolution), codex (OpenAI Codex CLI), and claude (Claude Code CLI) to perform its core functions.- [EXTERNAL_DOWNLOADS]: The documentation suggests installing external packages such as @anthropic-ai/claude-code via npm and codex via brew. These are legitimate tools from well-known services or the skill's own author, required for the functionality of the skill.- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. It processes untrusted data (outputs from git diff and the contents of AGENTS.md) and interpolates them into prompts for a secondary AI reviewer. An attacker could potentially embed malicious instructions within code comments or documentation to manipulate the review output.
Ingestion points: git diff output and AGENTS.md file content processed at runtime.
Boundary markers: The git diff data is piped via standard input; the codex backend wraps it in a <stdin> block as a delimiter.
Capability inventory: The skill performs subprocess calls to git, gh, codex, and claude CLI tools.
Sanitization: No specific sanitization or filtering of the input diff content is performed before it is sent to the backend models.

cross-review