requesting-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The template in code-reviewer.md constructs shell commands by interpolating placeholders {BASE_SHA} and {HEAD_SHA} directly into a bash script block. This presents a command injection risk if these variables are populated with shell metacharacters (e.g., semicolons, pipes, or backticks).
  • [Indirect Prompt Injection] (LOW): The subagent ingests untrusted data that could contain malicious instructions designed to bias the review outcome. (1) Ingestion points: {DESCRIPTION}, {WHAT_WAS_IMPLEMENTED}, {PLAN_REFERENCE}, and the output of git diff. (2) Boundary markers: The template uses Markdown headers for structure but lacks explicit delimiters or 'ignore' instructions for the interpolated code content. (3) Capability inventory: The agent is authorized to execute git commands and analyze the results. (4) Sanitization: No input validation, escaping, or filtering is applied to the placeholders or the retrieved repository data before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:25 PM