The Agent Skills Directory

[COMMAND_EXECUTION]: The skill leverages local command-line tools including git and gh (GitHub CLI) to retrieve repository state, generate diffs, and fetch Pull Request information. These commands are used legitimately to gather the necessary context for performing code reviews within the user's project environment.
[PROMPT_INJECTION]: By processing external code diffs and documentation, the skill is subject to indirect prompt injection where adversarial code could attempt to influence the review outcome or the generated patches. This is a known risk for code analysis tools, and the skill mitigates this by using multiple independent review layers and requiring human confirmation for applying any automated fixes.
[SAFE]: The skill adheres to security best practices for developer tools. It does not perform unauthorized network requests, hardcode credentials, or attempt to persist itself on the system. All significant actions, such as modifying source code or updating project tracking files, are gated by user approval.

bmad-code-review