code-review-checklist

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run project-level commands such as composer test, npm run types, npm run lint, and ./vendor/bin/pint. While intended for validation, these commands execute scripts defined within the codebase being reviewed, which could be malicious if the repository is untrusted.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). An attacker could embed malicious instructions within the source code or pull request comments being reviewed, which the agent might inadvertently follow.
      • Ingestion points: The agent reads external content using the Read, Grep, and Glob tools.
      • Boundary markers: The skill lacks strong delimiters or 'ignore embedded instructions' warnings when passing code snippets to analysis bridges (e.g., the query parameter in mcp_gemini-bridge_consult_gemini).
      • Capability inventory: The skill possesses significant capabilities including Bash command execution and access to multiple LLM bridges.
      • Sanitization: There is no evidence of sanitization or filtering applied to the code snippets before they are analyzed or used in prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 05:27 AM