codex-plan-review

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @openai/codex CLI tool globally using npm. This package is maintained by OpenAI, which is a recognized trusted organization.
  • [COMMAND_EXECUTION]: Shell commands are used to create unique review IDs, generate temporary JSON schemas in /tmp, and execute the Codex CLI. The skill validates the generated REVIEW_ID against the regex pattern ^[0-9]{8}-[0-9]{6}-[0-9a-f]{6}$ before using it, so the ID cannot contain path separators or other characters that would enable path traversal during file operations in the temporary directory.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface because it reads external project files (spec.md, prd.json) and passes their content to a remote model. Maliciously crafted content within these documentation files could attempt to override the agent's instructions during the review process. This risk is addressed by explicit instructions for the agent to exercise independent judgment and by the presence of a user-controlled feedback loop.
  • Ingestion points: Content is read from spec.md, prd.json, and brainstorm.md within the user-provided ${PLAN_FOLDER} (referenced in SKILL.md Steps 2, 3, and 6b).
  • Boundary markers: The file content is contained within heredoc blocks during the codex exec call, though no specific isolation delimiters or "ignore instructions" tags are used for the content itself.
  • Capability inventory: The skill possesses capabilities for network interaction via codex exec and local file system modifications via git checkout and direct file writes (referenced in SKILL.md Steps 3, 5, and 6).
  • Sanitization: While the script-generated REVIEW_ID is strictly validated, the text content within the plan files is not sanitized or escaped before being included in the prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 07:05 AM