code-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempt to bypass safety filters or override agent behavior. The guidelines actually promote technical skepticism and rigor, which serves as a defense against sycophancy.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths are present. There are no network-based data transfer operations identified.
  • Obfuscation (SAFE): No hidden or encoded content (Base64, zero-width characters, etc.) was identified.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill uses standard local commands (git rev-parse, git log). No remote script execution or untrusted package installations are present.
  • Privilege Escalation (SAFE): No commands for acquiring elevated permissions (e.g., sudo, chmod 777) were found.
  • Persistence Mechanisms (SAFE): No attempts to maintain access across sessions (e.g., shell profiles, cron jobs) were detected.
  • Metadata Poisoning (SAFE): Metadata accurately reflects the skill's purpose without misleading or deceptive instructions.
  • Indirect Prompt Injection (SAFE): The skill is designed to process external code review feedback, which is an ingestion point for untrusted data. However, it explicitly instructs the agent to evaluate suggestions skeptically and verify them against the codebase before implementation, effectively mitigating the risk.
      • Ingestion points: Code review comments from 'External Reviewers' (referenced in references/code-review-reception.md).
      • Boundary markers: Absent, though the protocol mandates verification against the codebase as a logical gate.
      • Capability inventory: Git commands, subagent dispatch via the Task tool.
      • Sanitization: Not explicitly implemented as code, but the protocol requires human/manual evaluation.
  • Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on time or external triggers was found.
  • Dynamic Execution (SAFE): No runtime code generation or unsafe deserialization patterns were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:41 PM