The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute standard version control commands including git diff, git log, and gh pr view. These operations are limited to gathering context for the review process and are consistent with the skill's primary purpose.
[DATA_EXPOSURE]: The skill requires access to the local filesystem and repository metadata to perform analysis. It specifies reading modified functions, classes, and surrounding context to ensure review quality. This access is inherent to the task of code auditing and does not involve unauthorized data access or exfiltration to external domains.
[SAFE]: The skill includes guidelines for identifying security vulnerabilities (OWASP top 10) and logic bugs within the code being reviewed, which enhances the security posture of the project it is used on.
[INDIRECT_PROMPT_INJECTION]: As a code review tool, the skill naturally ingests untrusted data from diffs and pull requests. While this presents a potential attack surface, the risk is mitigated by the skill's highly structured instructions and the agent's own safety guardrails.

review-changes