comprehensive-review
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically executes repository-specific build and test scripts such as make test, go test, pytest, and npm vitest during the fix verification phase. Running arbitrary code from the repository being reviewed is a potential vector for malicious code execution if the source is untrusted.
- [PROMPT_INJECTION]: The skill uses Anti-Rationalization prompts that instruct the AI to REJECT common safety or design-based justifications for not modifying code. This technique forces the agent to be more aggressive and overrides the model's default cautious behavior regarding code modification.
- [PROMPT_INJECTION]: Susceptibility to indirect prompt injection. Findings:
  1. Ingestion points: The skill reads file contents from the local repository using Read, Grep, and git diff across multiple waves of analysis.
  2. Boundary markers: Prompts provided to sub-agents lack boundary markers to separate instructions from the code being analyzed.
  3. Capability inventory: The orchestrating agent has extensive capabilities, including Edit, Write, and Bash, which are used to apply fixes suggested by sub-agents.
  4. Sanitization: There is no evidence of sanitization or instruction-filtering of the code data before it is processed by the AI agents.
- [COMMAND_EXECUTION]: References a local script, scripts/classify-repo.py, which is executed via python3. While it is likely a vendor-provided tool, its execution adds to the skill's attack surface.
Audit Metadata