bug-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the `gh` (GitHub CLI) and `git` tools through a series of shell scripts to fetch pull request data, manage local branches, and post review comments. It includes safety hooks in `hooks/hooks.json` specifically designed to block destructive operations like `git push --force` or `git reset --hard`.
- [EXTERNAL_DOWNLOADS]: Fetches pull request diffs, metadata, and repository content from GitHub's official API. These network operations target a well-known service and are essential for the skill's primary function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core purpose is to ingest and analyze untrusted code from external pull requests. Maliciously crafted code or comments within a PR could attempt to subvert the review logic or influence the agent's tool execution. The risk is partially mitigated by the use of an independent 'Validator' agent (Opus) and a majority-voting system among five parallel passes.
- [COMMAND_EXECUTION]: An optional autofix feature allows the agent to generate and apply code modifications to the local filesystem using the `Edit` tool. The skill enforces a scope check to ensure fixes are minimal (limited to one file and 20 lines) and validates changes by running existing local test suites before committing.
Audit Metadata