skills/ahonn/dotfiles/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands using the Bash tool, including git diff, git log, git fetch, and gh pr view. These are standard operations for a code review tool and are used to gather context about changes in the current branch.
  • [REMOTE_CODE_EXECUTION]: The skill uses the Agent tool to execute a background process via the codex CLI. The command codex exec review --base $BASE ... is used to trigger a parallel peer review. While this involves executing a command with a variable ($BASE), the variable is derived from git or gh commands, which are relatively safe in a developer environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of code diffs and git logs (Steps 0, 1, and 5). This presents a surface for indirect prompt injection if malicious code is designed to trick the AI into applying harmful 'fixes'. However, the skill explicitly mitigates this with a mandatory 'Iron Rule' in Step 4, requiring the agent to verify the technical correctness of all suggestions and peer review feedback before implementation.
      • Ingestion points: Reads code diffs via git diff origin/$BASE...HEAD (Step 1) and external CLI output from /tmp/peer-review-output.md (Step 5).
      • Boundary markers: None explicitly defined in the file content reading phase.
      • Capability inventory: Permissions include Edit (Step 3: AUTO-FIX), Bash (Steps 0, 1), and Agent (Step 0.5).
      • Sanitization: Instructions mandate manual verification ('Iron Rule: Verify before implementing') and technical correctness checks (Step 4, Step 5).

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 10:10 AM