code-review
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard developer tools including `git`, `gh` (GitHub CLI), `node`, and `find` to perform its core functions of retrieving code changes and interacting with pull requests. These operations are scoped to the project environment and the user's authenticated GitHub session.
- [DYNAMIC_EXECUTION]: It dynamically locates a local companion script (`codex-companion.mjs`) within the platform's plugin cache (`~/.claude/plugins/cache/openai-codex`) and executes it using `node`. This is an intended integration for the environment and uses controlled subcommands (`review`, `adversarial-review`) rather than arbitrary user input.
- [INDIRECT_PROMPT_INJECTION]: As the skill processes untrusted code from pull requests and local diffs, it represents an indirect injection surface. However, it employs several mitigation strategies: it uses structured prompts with boundary markers (e.g., `## Constraints`), explicitly instructs sub-agents to remain read-only, and features a mandatory cross-validation step (Step 4) where the main agent verifies findings against the source code and git history to filter out false positives or malicious hallucinations.
Audit Metadata