The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes git and coderabbit CLI tools using the Python subprocess module. All command arguments are passed as lists to subprocess.run and subprocess.Popen, which prevents shell command injection vulnerabilities. User-supplied inputs such as repository paths, branch names, and configuration files are handled securely within this context.
[PROMPT_INJECTION]: Instructions in SKILL.md (e.g., "Do not add manual findings", "Keep any explanation faithful to the normalized CodeRabbit output") are intended to ensure the agent remains a deterministic reporter of the tool's output. These are benign operational constraints aimed at reliability rather than malicious overrides of safety protocols.
[DATA_EXFILTRATION]: The skill accesses local repository data and generates artifacts locally. While it relies on the external coderabbit service to perform reviews, this is its documented primary purpose, and there is no evidence of unauthorized data exposure or exfiltration to unlisted third parties.
[EXTERNAL_DOWNLOADS]: The skill requires the coderabbit CLI and git to be pre-installed on the system. It does not perform any dynamic downloads of external code or scripts at runtime.

code-review