The Agent Skills Directory

[SAFE]: No malicious patterns, unauthorized command execution, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of providing code quality reviews and follows safe practices.- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill uses Read, Grep, and Glob tools to access code files and pull request descriptions for analysis. These operations are performed within the local environment, and the skill has no network tools or external data transmission capabilities.- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from source code and PR descriptions. 1. Ingestion points: Code files and PR descriptions are read using the Read and Grep tools. 2. Boundary markers: No specific delimiters are defined to separate ingested code from instructions. 3. Capability inventory: The agent's tools (Read, Grep, Glob) are strictly read-only, preventing any state-changing attacks. 4. Sanitization: The skill does not explicitly sanitize content, but its output is limited to generating report text for the user's review. This surface is inherent to the code review process and carries low risk given the restricted capabilities.- [EXTERNAL_DOWNLOADS]: The skill documentation includes references and templates adapted from the obra/superpowers repository on GitHub. These are informational resources and do not involve remote code execution or dynamic package loading.

code-reviewer