reviewing-changes

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill is designed to process untrusted data from Pull Request titles, descriptions, and JIRA tickets to inform its review logic.
      • Ingestion points: PR metadata and JIRA ticket details retrieved via MCP tools.
      • Boundary markers: The skill employs <thinking> tags for internal reasoning, providing a degree of separation between processing and output, though it lacks explicit 'ignore' instructions for the ingested content.
      • Capability inventory: The skill's capabilities are restricted to generating textual feedback. It lacks permission to execute shell commands, write to the filesystem, or perform network requests to arbitrary domains.
      • Sanitization: No explicit sanitization of ingested text is performed, but the lack of dangerous capabilities mitigates the risk.
  • Data Exposure & Exfiltration (SAFE): The skill provides guidance on identifying security anti-patterns (e.g., hardcoded keys or plaintext storage) in the code being reviewed. It does not contain hardcoded credentials or instructions to exfiltrate data.
  • Remote Code Execution (SAFE): While the skill mentions build commands like ./gradlew test in its documentation and checklists, these are provided as examples for the reviewer's feedback and are not intended for execution by the agent itself.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:05 PM