The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The code-reviewer.md template interpolates external data such as {DESCRIPTION} directly into agent instructions without delimiters. 1. Ingestion points: code-reviewer.md placeholders ({WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, {PLAN_REFERENCE}). 2. Boundary markers: Absent. No delimiters distinguish instructions from user-provided content. 3. Capability inventory: Shell command execution via git diff. 4. Sanitization: Absent. No escaping or validation is performed on inputs.
[COMMAND_EXECUTION] (LOW): The skill uses shell commands with variable interpolation (e.g., git diff {BASE_SHA}..{HEAD_SHA}). While intended for git SHAs, these could be vectors for shell injection if inputs are not strictly validated as hex strings.

peer-review-initiator