codex-review-loop

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automatically identifies and executes type-checking commands from the local repository (such as npm run typecheck, npx tsc, mypy, or cargo check). This means executing potentially arbitrary code defined in files such as package.json or pyproject.toml that belong to the repository being reviewed.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the @openai/codex CLI tool from the public NPM registry. Because it originates from a well-known service (OpenAI), the reference itself is considered a standard operational requirement.
  • [PROMPT_INJECTION]: The skill implements an iterative loop that parses prose and structured findings from the OpenAI Codex LLM and automatically applies code fixes via the Edit tool. This creates a surface for indirect prompt injection, where malicious or erroneous suggestions from the external model could lead to unintended modifications of the local codebase.
      • Ingestion points: Findings are ingested from the output of the Codex CLI, stored in /tmp/codex-review-findings.md.
      • Boundary markers: The skill does not use explicit boundary markers or 'ignore' instructions when parsing the external findings.
      • Capability inventory: The agent is granted Read, Edit, and Bash capabilities to carry out the review-and-fix cycle.
      • Sanitization: The suggestions provided by the external model are not validated or sanitized before the agent attempts to implement them.
  • [COMMAND_EXECUTION]: The skill uses a shell script, scripts/codex-review.sh, to execute the Codex CLI. While the script double-quotes variables such as FOCUS and BASE_BRANCH to mitigate basic shell injection, it still performs operations driven by user-supplied strings within a powerful Bash execution environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 05:11 AM