parallel-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git diff to identify changed files. This is a standard development operation used to scope the review and does not pose a security risk in this context.
  • [SAFE]: Subagents are explicitly instructed to run with readonly: true, which prevents the AI from making unauthorized modifications to the codebase during the review process.
  • [PROMPT_INJECTION]: The skill processes external code diffs, which presents a surface for indirect prompt injection (Category 8). Maliciously crafted code in a PR could attempt to trick the subagent into misreporting its findings.
      • Ingestion points: File contents retrieved via git diff or PR links.
      • Boundary markers: None explicitly defined in the provided prompt templates.
      • Capability inventory: The subagents use the explore tool with readonly: true enabled.
      • Sanitization: No specific sanitization of the code diff is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 06:38 PM