requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through placeholders in the code-reviewer template.
      • Ingestion points: The {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} placeholders in code-reviewer.md ingest content from local project files or agent-generated descriptions.
      • Boundary markers: Absent. The template does not use specific delimiters (like XML tags or triple quotes with instructions) to separate untrusted data from the system instructions.
      • Capability inventory: The subagent executes shell commands (git diff, git log) and its output is used to determine if a task is complete.
      • Sanitization: Absent. The skill does not provide instructions to escape or validate the input content before interpolation.
  • [COMMAND_EXECUTION]: The skill involves the execution of local git commands to retrieve and compare code changes.
      • Evidence: Both SKILL.md and code-reviewer.md include shell commands such as git rev-parse, git log, and git diff. These are standard tools for identifying changes between commits and are used here for their intended purpose without requesting elevated privileges.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:24 AM