code-review
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation outlines a procedural methodology for reviewing code, including fact-gathering, testing verification, and severity-grading for feedback. No malicious instructions or evasion techniques were detected.
- [COMMAND_EXECUTION]: The skill utilizes tools such as Bash, Grep, and Read. These are used for standard developer tasks like searching for function call sites (grep) and potentially running local linting or testing suites. The instructions do not involve executing untrusted remote scripts or dangerous system-level commands.
- [PROMPT_INJECTION]: No direct prompt injection patterns or attempts to override the agent's safety guardrails were found. The instructions are focused on the task of code analysis and constructive feedback.
- [DATA_EXPOSURE]: There is no evidence of hardcoded credentials, access to sensitive environment configurations (e.g., SSH keys, .env files), or network exfiltration logic.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data in the form of PR diffs and descriptions, it explicitly instructs the agent to perform a deliberate verification pass (Phase 5), particularly for AI-generated code, which serves as a mitigation strategy against accepting potentially harmful or incorrect logic introduced via the code under review.