fresh-eyes

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (using the ! syntax) to execute shell commands such as git log and git diff at runtime. These commands are used to automatically gather the necessary context (diff range and file statistics) for the review process, which is a standard and expected practice for a development-focused quality assurance tool.
  • [PROMPT_INJECTION]: The skill operates by ingesting potentially untrusted data, specifically the code or artifacts to be reviewed. This presents an attack surface for indirect prompt injection where malicious instructions could be embedded in the code being analyzed. The skill mitigates this by using clear boundary markers in its prompts (e.g., CODE/OUTPUT TO REVIEW:) and providing specific instructions to the reviewer agent to focus on correctness and security, as well as a verification step to distinguish signal from noise.
  • [DATA_EXPOSURE]: The skill accesses the local git repository history and diffs to perform its function. While this involves reading code and commit metadata, it is restricted to the intended scope of the code review process initiated by the user.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 04:31 PM