requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • Safe Process Design: The skill implements a 'Core principle' of reviewing work early and often, which is a standard security and quality assurance practice in software development.
  • Git Operations: The use of standard git commands (git rev-parse, git diff) to establish context is appropriate and localized to the project environment.
  • Indirect Prompt Injection Surface: As a code review tool, the skill naturally ingests untrusted data in the form of code changes ({DESCRIPTION} and {PLAN_OR_REQUIREMENTS}).
  • Ingestion points: Data enters the agent context through placeholders in the code-reviewer.md template used by the Task tool.
  • Boundary markers: The skill uses markdown headers and clear sections to delimit requirements from code implementations.
  • Capability inventory: The reviewer agent is primarily configured for analysis and feedback generation via git diff commands.
  • Sanitization: Explicit sanitization of the ingested content is not mentioned; the structured template approach instead scopes the reviewer's attention to the provided diffs, rather than permitting arbitrary execution based on their contents.
  • Controlled Execution Environment: The skill explicitly notes that the reviewer subagent receives precisely crafted context rather than the full session history, which minimizes the risk of context leakage or accidental instruction following from previous turns.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 02:17 PM