agent-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The 'pre' hook in the SKILL.md frontmatter uses shell interpolation of the '$TASK' variable within an 'echo' command. This pattern can lead to shell command injection if the input task string contains malicious shell metacharacters.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external code provided through the '$TASK' variable or retrieved via 'github_repo_analyze'. It lacks explicit boundary markers (such as XML tags or unique delimiters) and instructions to disregard embedded commands within the analyzed content. This creates an attack surface for indirect prompt injection, where malicious comments or strings within the code being reviewed could influence the agent's behavior. Evidence of this risk is present in the core review instructions, which process untrusted data without sanitization.