cmd-codex-review-unstaged

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements secure temporary file management by using mktemp to isolate its working files and rm to ensure that sensitive diffs and summaries are deleted after processing.
  • [SAFE]: The skill uses defense-in-depth by enforcing a --sandbox read-only constraint on the external reviewer utility, which prevents the sub-process from modifying any project files.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes raw git diff data, which could contain malicious instructions embedded in comments or code.
    • Ingestion points: Untrusted data is ingested from the project repository through the git diff HEAD command in SKILL.md.
    • Boundary markers: The skill uses clear labels within the reviewer's prompt to delineate between the agent-provided summary and the external diff content.
    • Capability inventory: The skill utilizes shell commands for file management and git operations, and invokes an external review tool.
    • Sanitization: There is no evidence of sanitization or character filtering performed on the git diff output before it is passed to the reviewer.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:22 PM