The Agent Skills Directory

[SAFE]: The skill is a legitimate development tool for conducting Rails-specific code reviews. It focuses on identifying security risks (like mass assignment and XSS) and performance issues (like N+1 queries) in Ruby on Rails applications. No obfuscation, data exfiltration, or unauthorized command execution was found.- [PROMPT_INJECTION]: The skill processes untrusted code diffs and repository files, which constitutes an indirect prompt injection attack surface. However, this is considered a safe surface given the lack of exploitable capabilities.
Ingestion points: SKILL.md (Pre-flight Checks) and REVIEW_CHECKLIST.md describe instructions for the agent to ingest and analyze git diffs and local repository files.
Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to ignore instructions that might be embedded in the code being reviewed.
Capability inventory: The skill's capabilities are limited to reading provided text data and generating Markdown-formatted review comments. No subprocess calls, network requests, or file-write operations are defined in the instructions or scripts.
Sanitization: Absent. There is no explicit logic to sanitize or validate the content of the code files being analyzed.

rails-code-review