code-reviewer

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Node.js scripts (detect-clis.mjs, invoke-cli.mjs) to discover and execute local AI CLI binaries from the system's $PATH. While these scripts use safe execution methods like spawnSync and execFileSync, they rely on the integrity of the user's environment. Additionally, the suggested shell instructions in references/cross-model-handoff.md for cross-model review use a heredoc (<< 'EOF') to prepare prompts; if the code being reviewed contains the delimiter on its own line followed by malicious commands, it could lead to command injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where instructions embedded in the code being reviewed could influence the audit results.
    (1) Ingestion points: The skill ingests untrusted code and diffs via $ARGUMENTS as defined in SKILL.md.
    (2) Boundary markers: The instructions recommend using a --- CODE TO REVIEW --- delimiter in references/cross-model-handoff.md.
    (3) Capability inventory: The skill can read local files, run git/gh commands, and execute local binaries via invoke-cli.mjs.
    (4) Sanitization: No sanitization is performed on the ingested code snippets before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:44 PM