ziw-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified in the skill. The skill is primarily instructional and analytical.
  • [PROMPT_INJECTION]: The skill implements a sophisticated defense against indirect prompt injection via its 'Instruction Trust' section. It explicitly classifies external data (PR comments, issue bodies, web pages) as 'untrusted work context' and prohibits them from overriding the skill's core instructions, repository configurations, or security policies.
  • [CREDENTIALS_UNSAFE]: The skill includes multiple explicit safety guidelines to prevent sensitive data exposure. It instructs the agent to never include sensitive values in review output and specifically warns against storing or committing provider API keys in the context of remote worker reviews.
  • [COMMAND_EXECUTION]: Analysis of the instructions and scope shows that the skill focuses on read-only analytical tasks and local environment checks. There is no evidence of unauthorized shell command execution, unsafe interpolation of user arguments into commands, or privileged operations.
  • [DATA_EXFILTRATION]: No unauthorized network activity or exfiltration patterns were detected. Remote interactions are limited to standard repository state fetching and integration with well-known services like CodeRabbit.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 04:09 PM