requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The file code-reviewer.md generates bash commands by directly interpolating placeholders such as {BASE_SHA} and {HEAD_SHA} into a git diff block. If these placeholders are populated with untrusted strings containing shell metacharacters (e.g., semicolons or pipes), it could lead to arbitrary command execution on the host system.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes data from potentially untrusted project files and plans.
  1. Ingestion points: Data enters the agent's context through {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, and the file content retrieved via git diff.
  2. Boundary markers: Absent. There are no clear delimiters or specific instructions to the subagent to disregard instructions found within the code or requirements documents.
  3. Capability inventory: The skill has the capability to execute shell commands (git) and provide code analysis.
  4. Sanitization: None. The skill does not sanitize or escape the content of the requirements or the code diff before presenting it to the subagent for review.