claude-code-cli
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected. All external tool references and package installations are associated with well-known and trusted technology services.
- [COMMAND_EXECUTION]: The skill uses local shell commands to invoke the `claude` CLI and `git`. Command construction in the provided scripts follows best practices by using bash arrays to prevent argument injection. Furthermore, the skill's instructions and internal static checks explicitly enforce the use of the read-only `--permission-mode plan` flag by default.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for users to install the official `@anthropic-ai/claude-code` package from the NPM registry. Anthropic is recognized as a well-known and trusted technology provider.
- [DATA_EXFILTRATION]: While the skill processes repository data such as git diffs and file contents to perform its primary function (code review), it does not send data to unauthorized or unknown domains. The skill also includes specific instructions for agents to warn users and check for secrets or sensitive data before passing context to the external reviewer.
Audit Metadata