The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection as its primary role is to read and analyze untrusted external code.
Ingestion points: Reads code files using Read, Grep, and Glob tools.
Boundary markers: Absent; there are no instructions for the agent to distinguish between its own logic and instructions that might be embedded in the code being reviewed.
Capability inventory: The agent has significant capabilities including Bash (restricted to npm/git), Write, and Edit tools.
Sanitization: No sanitization or validation of the input code is specified before processing.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses npx to run eslint, prettier, and snyk. While npx downloads code, these are industry-standard, trusted tools used within their expected context.
[Command Execution] (SAFE): Bash usage is appropriately restricted to npm and git commands, which aligns with the stated purpose of code quality and security scanning.
[Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials or sensitive file exfiltration was found. The use of npm audit and snyk are legitimate security practices.

code-reviewer