codex-review
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive local command execution using the Bash tool. It runs various git commands (diff, status, ls-files, add), language-specific formatters and linters (go fmt, go vet, npm run lint:fix, black, ruff), and a third-party CLI utility named codex.
- [PROMPT_INJECTION]: The instructions employ forceful language such as "Mandatory", "Critical", and "don't ask user to do it manually" to compel the agent to perform actions like file staging and CHANGELOG modification without user intervention. This behavior circumvents standard user confirmation patterns. Additionally, the skill contains an indirect prompt injection surface.
  1. Ingestion points: Local source code and diffs obtained via git diff and git status (SKILL.md).
  2. Boundary markers: Absent; code content is passed directly to analysis tools without delimiters or instructions to ignore embedded directives.
  3. Capability inventory: File modification via the Edit tool and command execution via Bash (git, linters, codex).
  4. Sanitization: Absent; no validation or filtering is performed on the code content before processing.
- [DATA_EXFILTRATION]: Local code and change summaries are transmitted to the external Codex service via the codex CLI. While this is the skill's intended purpose, it represents a data exposure risk as potentially sensitive or proprietary information is sent to a third-party endpoint.
Audit Metadata