cross-model-review
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of external CLI binaries, specifically claude and codex, to perform its core functions. It uses these tools to run code reviews, execute prompts, and perform file system operations. Evidence: SKILL.md contains numerous examples of shell commands such as codex review, claude -p, and git diff | claude.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (the code being reviewed) and passes it to an AI model with active tool permissions. Malicious instructions embedded in the codebase could potentially influence the reviewer model's behavior. Evidence: (1) Ingestion points: Untrusted data enters the agent context via git diff and file reading tools in SKILL.md. (2) Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are provided in the command templates. (3) Capability inventory: The claude CLI is explicitly granted Read, Glob, Grep, and Bash(git *) permissions in SKILL.md. (4) Sanitization: No sanitization or escaping of the diff content is performed before interpolation into the model's prompt.
Audit Metadata