deep-review (skills/rhuss/cc-spex/deep-review)

Verdict: Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its autonomous fix loop logic.
      • Ingestion points: The skill ingests untrusted data from the local repository, including file contents retrieved via git diff and specifications from spec.md (Step 3 and Step 4).
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the files being reviewed, which could allow malicious code comments to influence the fix suggestions.
      • Capability inventory: The skill possesses significant capabilities, including dispatching sub-agents and, most critically, the ability to read and write directly to source code files to apply "fixes" without user approval (Step 7).
      • Sanitization: No sanitization or human-in-the-loop verification is performed on the AI-generated fixes before they are committed to the filesystem.
  • [COMMAND_EXECUTION]: The skill executes several local command-line operations and external utility binaries.
      • Git operations: Uses git diff, git symbolic-ref, and git add to manage the review process and stage fixes.
      • External tools: Invokes the coderabbit and copilot CLIs, if available in the environment, to perform external reviews. These are recognized as standard developer tools but represent external code execution paths.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 5, 2026, 04:03 PM