The Agent Skills Directory

[SAFE]: All operations, including git status, git diff, and code searching via grep or ripgrep, are performed locally within the user's repository environment. No external network connections or remote downloads are initiated.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code and comments from the repository (SKILL.md). It lacks explicit boundary markers to distinguish code data from agent instructions and does not sanitize ingested content. The skill possesses capabilities to read files and implement changes (Step 7), but the associated risk is considered low as it is inherent to the tool's primary function and is mitigated by the requirement for manual user approval.

code-review-expert