requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands, including git rev-parse, git log, and git diff, to identify commit ranges and extract source code changes for analysis. These operations are performed within the local environment where the repository resides.
  • [COMMAND_EXECUTION]: A potential risk of shell command injection exists in code-reviewer.md. The template interpolates {BASE_SHA} and {HEAD_SHA} variables directly into shell commands: git diff --stat {BASE_SHA}..{HEAD_SHA}. If these variables are populated with malicious shell metacharacters (e.g., ;, &&, or |) from an untrusted source, it could lead to unauthorized command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the code reviewer subagent processes untrusted data (source code changes) which may contain malicious instructions hidden in comments or strings.
      • Ingestion points: Source code content retrieved via git diff commands in code-reviewer.md.
      • Boundary markers: The template uses Markdown headers to separate sections but lacks specific delimiters or "ignore instructions" warnings to wrap the untrusted code content.
      • Capability inventory: The subagent has the capability to execute shell commands and generate structured review feedback.
      • Sanitization: There is no evidence of sanitization or escaping of the diff output or the git identifiers before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 01:07 AM