requesting-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The template code-reviewer.md constructs shell commands using placeholders {BASE_SHA} and {HEAD_SHA}.
    Evidence: The skill uses git diff --stat {BASE_SHA}..{HEAD_SHA} and git diff {BASE_SHA}..{HEAD_SHA} to retrieve code changes.
    Risk: If these placeholders are populated with untrusted data that has not been validated as a legitimate Git revision, an attacker could inject shell operators to execute arbitrary commands.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection as it processes code changes and descriptions.
    1. Ingestion points: Data enters the agent via {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, and the actual source code returned by the git diff command.
    2. Boundary markers: The skill uses Markdown headers to separate sections but lacks explicit delimiters or system-level instructions to treat the analyzed code as passive data.
    3. Capability inventory: The agent is tasked with evaluating code quality, identifying security issues, and providing a merge recommendation, which directly influences the development pipeline.
    4. Sanitization: No sanitization, escaping, or validation of the input strings is performed before they are presented to the agent.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 25, 2026, 08:50 AM