codex-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git diff to identify modified files and executes several grep patterns to detect violations of project-specific standards, such as improper package naming, the use of prohibited utilities, and audit field naming conventions.
  • [COMMAND_EXECUTION]: It calls a Python script (codex_bridge.py) located in an external skill directory (.claude/skills/collaborating-with-codex/scripts/) to perform advanced logic reviews, introducing a cross-skill dependency on local resources.
  • [DATA_EXFILTRATION]: In Phase 3, the skill prepares and sends file paths and code content to an external Codex API for analysis. This is a functional requirement for the deep review feature and is explicitly presented as an optional user choice.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it processes untrusted content from source code files, which could contain instructions designed to mislead the review process.
      • Ingestion points: Reads content from files identified via git diff in Phase 2 and Phase 3 of the workflow.
      • Boundary markers: Uses structured labels within the Codex prompt (e.g., 'FILES TO REVIEW', 'PROJECT CONTEXT') but does not implement robust isolation or escaping for the ingested code content.
      • Capability inventory: Utilizes git, grep, python3, and standard file editing tools to analyze and remediate code quality issues.
      • Sanitization: No content sanitization or instruction filtering is applied to the source code before it is processed by the agent or the external service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:07 PM