code-review

Fail

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install the gfreview tool by downloading a shell script from a remote URL and piping it directly into the bash shell (curl -fsSL https://raw.githubusercontent.com/martinffx/gfreview/main/install.sh | bash). This is a high-risk pattern that executes unverified code on the host system.
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands such as git, gh, and gfreview to retrieve repository data, manage branches, and post review comments to external forges.
  • [EXTERNAL_DOWNLOADS]: The workflow relies on fetching external scripts and tools from the martinffx/gfreview repository on GitHub to enable primary functionality like PR responses.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from git diff and PR discussions which are then passed to multiple subagents (clerk, general, architect, oracle).
      • Ingestion points: Code diffs (via git diff main or gfreview diff) and discussion threads (via gfreview discussions).
      • Boundary markers: The prompts in reviewers.md and rq.md place the untrusted diff content within markdown code blocks but do not include explicit instructions to ignore embedded agent commands or specific delimiters to separate data from instructions.
      • Capability inventory: The skill possesses significant capabilities, including the ability to write files (applying fixes), execute shell commands, and communicate with external GitHub/GitLab APIs.
      • Sanitization: The workflow includes a 'Challenge' step using an oracle agent to validate findings; however, this is a logical check rather than a security sanitization layer against injection.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/martinffx/gfreview/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 21, 2026, 12:22 PM