requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the code reviewer subagent processes external data (git diffs and task descriptions) which may contain adversarial instructions designed to influence the review result.
    • Ingestion points: code-reviewer.md template placeholders ({DESCRIPTION}, {WHAT_WAS_IMPLEMENTED}) and the raw output of git diff commands.
    • Boundary markers: Absent; the template uses standard headers but does not include explicit delimiters or 'ignore' instructions for the processed content.
    • Capability inventory: Access to the git CLI and the ability to execute code-reviewer subagent tasks.
    • Sanitization: No sanitization or escaping is performed on the data injected into the subagent prompt.
  • [COMMAND_EXECUTION]: The instruction template in code-reviewer.md includes a bash block that performs string interpolation for {BASE_SHA} and {HEAD_SHA}. This creates a potential command injection vector if the values for these variables are sourced from untrusted inputs without proper validation or sanitization by the execution environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 11:09 AM