cmd-codex-review-plan

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a series of bash commands, including mktemp for temporary file creation, cat for file writing, and rm for cleanup. It also invokes the codex exec binary, which is a vendor-provided CLI tool used to perform the plan review.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes implementation plans that may contain untrusted or externally-influenced data.
      • Ingestion points: Implementation plans are retrieved from the conversation history or previous agent outputs.
      • Boundary markers: The plan data is passed to the external codex tool via standard input (stdin), providing a clear separation between the tool's instructions and the data being processed.
      • Capability inventory: The skill utilizes file system access (writing and deleting temporary files) and the execution of the codex CLI tool.
      • Sanitization: The skill employs a quoted heredoc ('PROMPT') for the Codex review instructions to prevent shell variable expansion and uses stdin for the plan content to mitigate command injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:22 PM