The Agent Skills Directory

[SAFE]: The skill serves as a modular documentation repository. The primary file SKILL.md defines the scope of the agent's behavior, focusing on constructive feedback and systematic analysis of code quality and security.
[COMMAND_EXECUTION]: The skill requests the Bash tool to run linting, testing, and build commands (e.g., npm test, pytest, cargo check). This is explicitly documented in SKILL.md as a method to verify code quality during the review process and is restricted by the agent's environment.
[EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to allow the agent to consult the latest documentation and best practices. This is a standard capability for an AI assistant focused on modern framework support like React 19 or Vue 3.5.
[REMOTE_CODE_EXECUTION]: The project includes a local Python script scripts/pr-analyzer.py. Analysis of this script confirms it is a utility for parsing git diffs to calculate complexity scores and identify risk factors (e.g., lack of tests, large changes). It does not perform any dangerous operations such as arbitrary command execution, network requests, or dynamic code evaluation.
[DATA_EXFILTRATION]: There is no evidence of logic designed to exfiltrate sensitive data. The reference/security-review-guide.md includes educational examples of hardcoded credentials to help the agent identify and flag them in user code, but the skill itself contains no secrets or exfiltration endpoints.
[PROMPT_INJECTION]: The instructions provided in SKILL.md are aligned with the agent's intended role. They encourage the agent to prioritize critical issues and provide educational feedback without attempting to bypass safety filters or override system constraints.

code-review-excellence