The Agent Skills Directory

[SAFE]: The skill provides legitimate static analysis patterns for auditing code changes. It uses standard tools like git, grep, and npm to inspect repository state and dependency information within the OneKey monorepo context.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute diagnostic commands. These commands are used for repository analysis (e.g., git diff, grep), environment inspection, or querying public package registries (npm view) for metadata. No evidence of destructive or malicious command injection was found.
[PROMPT_INJECTION]: No evidence of direct prompt injection, role-play bypasses, or instructions to ignore safety filters was found. The instructions are focused on the intended code auditing task.
[DATA_EXFILTRATION]: No sensitive data access or external transmission to untrusted domains was detected. Network usage via WebFetch and npm is limited to standard developer operations like checking package deprecation status.
[INDIRECT_PROMPT_INJECTION]: As a code review tool, the skill naturally processes untrusted data from Pull Request diffs and descriptions. While this creates a vulnerability surface for indirect instructions hidden in code, the skill's instructions prioritize reporting and analysis rather than executing the code under review. This surface is inherent to the skill's primary purpose and is managed by standard agent guardrails.

1k-code-review-pr