fix-findings

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it relies on the content of external findings files (.findings.md) to guide codebase modifications. If these files are populated with malicious instructions, the agent could be manipulated into suggesting or applying harmful code changes.
      • Ingestion points: Reads finding data from .chalk/reviews/sessions/{session}/*.findings.md in Step 2 and Step 3.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the findings data are defined.
      • Capability inventory: Access to Edit, Bash, Write, Read, Grep, and Glob tools as defined in the frontmatter.
      • Sanitization: The skill implements path validation (rejecting absolute paths and directory traversal) and requires explicit human confirmation before any file modification (Step 5.4).
  • [COMMAND_EXECUTION]: The skill utilizes the Edit and Bash tools to modify repository files. While the instructions prioritize the Glob tool for file discovery to mitigate command injection, the broad permission to modify files based on external suggestions constitutes a significant capability that must be monitored for abuse.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:34 AM