The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git commands to analyze the repository state and generate code diffs for review. Evidence: SKILL.md uses git rev-parse and git log to identify commit SHAs; code-reviewer.md uses git diff to retrieve changes between those SHAs.
[PROMPT_INJECTION]: The subagent prompt template in code-reviewer.md uses placeholders that ingest external content without proper sanitization or boundary markers, creating a surface for indirect prompt injection. * Ingestion points: code-reviewer.md (placeholders {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, and {PLAN_REFERENCE}). * Boundary markers: Absent; external data is interpolated directly into the instructional text without delimiters or instructions to ignore embedded commands. * Capability inventory: SKILL.md and code-reviewer.md execute shell commands (git). * Sanitization: Absent; the skill does not sanitize or validate placeholder content.

requesting-code-review