The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requires an external component downloaded via npx github:lploc94/codex_skill. This dependency is hosted on the author's GitHub repository and is used to extend the capabilities of the required Codex CLI.
[COMMAND_EXECUTION]: The skill performs extensive local command execution, including running a Node.js runner script and various git operations such as git diff, git log, git add, and git commit. It also interacts with the codex CLI to perform code analysis. These operations are core to the skill's functionality for reviewing and patching code.
[PROMPT_INJECTION]: The review workflow is susceptible to indirect prompt injection because it interpolates uncommitted code changes and user-provided strings into prompt templates via placeholders like {USER_REQUEST} and {SESSION_CONTEXT}.
Ingestion points: User request descriptions and repository data (diffs, commit logs) are read from the local environment (SKILL.md, references/workflow.md).
Boundary markers: Prompts use structured headers but lack hardened delimiters or explicit instructions to the LLM to ignore potentially malicious content embedded within the code being reviewed (references/prompts.md).
Capability inventory: The skill has the capability to write to the local filesystem (applying fixes) and execute shell commands via the runner and git CLI (SKILL.md, references/workflow.md).
Sanitization: There is no evidence of sanitization or validation performed on the code diffs or user requests before they are placed into the prompt context.

codex-impl-review