Adversary Review

Name, description, and runtime instructions all focus on having a second AI review drafts; no unrelated binaries, env vars, or installs are requested. The resources the skill uses (a model API) are proportional to its goal.

Instructions explicitly tell the agent to spawn a reviewer sub-agent and send the draft to the configured model API. This is coherent, but the SKILL.md makes claims (e.g., 'Only the draft text (not full conversation history) is shared', 'Review exchanges are not persisted', 'skip review automatically for sensitive drafts') without specifying how those guarantees are implemented. The policy for detecting 'sensitive data' is left to the agent's discretion, which is vague and could lead to accidental data exposure if misapplied. Also the sessions_spawn mechanism might, depending on platform behavior, include more context than the file-only draft — the skill doesn't document how to force minimal context.

Instruction-only skill with no install spec or code files; nothing is written to disk and no external downloads are required, which minimizes install-time risk.

The skill declares no required env vars or credentials, which is appropriate. However, it will implicitly use the agent's configured model provider credentials (to call sessions_spawn / provider APIs). That implicit use is expected for a reviewer, but users should be aware it causes additional API calls and transmits draft text to the provider.

Skill is not always: true, does not request elevated or persistent system privileges, and does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not excessive here.