The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: Untrusted data (such as feature descriptions and requirements) enters the subagent context via the {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} placeholders in code-reviewer.md. Boundary markers: No markers or instructions are provided to explicitly delimit or sanitize this untrusted content. Capability inventory: The skill utilizes git log and git diff commands via a subagent task tool. Sanitization: There is no evidence of sanitization or validation of the interpolated content.
[COMMAND_EXECUTION]: The skill instructions and templates dynamically assemble shell commands. SKILL.md provides instructions to execute git rev-parse and git log, while code-reviewer.md constructs git diff commands using SHAs provided via placeholders. This is an expected pattern for git-integrated tools, but presents a surface for command injection if the commit identifiers or range parameters originate from untrusted sources.

requesting-code-review