The Agent Skills Directory

Indirect Prompt Injection (SAFE): The skill defines a workflow for processing untrusted external code review feedback but incorporates strong defensive instructions to mitigate injection risks. * Ingestion points: External reviewer feedback as described in the evaluation patterns in SKILL.md. * Boundary markers: Explicit verification steps, such as checking suggestions against 'codebase reality' and 'all platforms/versions,' serve as boundary logic. * Capability inventory: The skill references the use of 'grep' for codebase usage checks and the 'gh' CLI for interacting with GitHub PR comments. * Sanitization: The core requirement of the skill is technical verification and reasoned pushback, which acts as a manual sanitization layer for instructions received via external feedback.

receiving-code-review