The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands including git log, git diff, and bun run check. These operations are standard for development workflows to identify the scope of code changes and run project-specific linting or testing suites.
[CREDENTIALS_UNSAFE]: The skill includes a proactive security check that uses grep to scan for hardcoded secrets, passwords, and API keys. This is a defensive audit mechanism designed to improve the security of the project being reviewed.
[PROMPT_INJECTION]: The skill is identified as having a surface for Indirect Prompt Injection (Category 8) due to its data processing nature.
Ingestion points: Untrusted data enters the agent context through git log and git diff outputs as specified in SKILL.md.
Boundary markers: Absent. The skill does not explicitly define delimiters to separate analyzed code from instructions.
Capability inventory: The skill possesses the ability to execute shell commands (git, bun) and perform external searches using tool integrations.
Sanitization: Absent. The agent processes raw source code diffs directly.
Conclusion: The risk is considered minimal and inherent to the functionality of a code review tool; results are reviewed by a human developer before merging code.

code-review