golang-cli-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill involves reading external source code files, which is an ingestion point for untrusted data. However, the risk is negligible as the skill only performs static analysis and lacks executable capabilities or network access.
    Evidence:
    1. Ingestion points: Read all Go files in the CLI project (SKILL.md)
    2. Boundary markers: Absent
    3. Capability inventory: No dangerous capabilities (subprocess, network, or file-write) are present
    4. Sanitization: Absent
    The primary purpose of the skill is to provide a structured review framework, and its reference materials correctly identify security risks like shell injection and credential exposure as anti-patterns to be flagged.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:12 PM