2 medium findings.

This skill ships without a capability manifest plus 1 other issue listed below.

0 critical0 high2 medium10 rules passed

Why grade A?

score · 95 / 100

The current grade reflects 2 minor findings below all thresholds.

0 CRIT0 HIGH2 MED0 LOW

Already at the top grade — no further rules to pass.

Findings · ordered by severity

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

med

Link text shows "agents.md" but points at github.com

The visible link text contains the domain `agents.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.

rule: anchor-href-mismatchline: 1187CWE-601

▾

1185## After the PR opens

1186

1187Once the PR is open, it enters the public library repo's review contract. That contract is owned by [`mvanhorn/printing-press-library` AGENTS.md → "Automated code review with Greptile"](https://github.com/mvanhorn/printing-press-library/blob/main/AGENTS.md#automated-code-review-with-greptile); read it for the canonical version. An agent invoking this skill from `cli-printing-press` will not have loaded the library's AGENTS.md, so the obligations are summarized here.← text→agents.md · href→github.com

1188

1189Greptile reviews **incrementally**: every commit you push re-triggers a fresh review, which can surface new findings the previous round didn't. This is a loop, not a single pass — drive the PR to a *stable* green and don't declare done after round one.

Scan another →Share

skillox.io/r/crawl-sqm0xbbaalo2zhafzwaozpse