dual-axis-skill-reviewer

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_dual_axis_review.py uses subprocess.run to execute pytest on test directories discovered in the project specified by the --project-root argument. This enables the execution of arbitrary Python code if the project being reviewed contains malicious logic in its test_*.py files. This is a primary feature of the skill but presents a risk when reviewing untrusted repositories.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing content from external skill files and interpolating it into a prompt for a secondary LLM review step.
      • Ingestion points: scripts/run_dual_axis_review.py reads SKILL.md and script files from the target project directory.
      • Boundary markers: The build_llm_prompt function uses markdown headers to separate sections but lacks explicit delimiters or instructions to ignore embedded commands within the analyzed data.
      • Capability inventory: The script performs file system reads and executes shell commands via subprocess.
      • Sanitization: No sanitization or escaping of the interpolated skill data (such as finding messages or file paths) is performed before being added to the review prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 04:17 AM