review-changes

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell command pipeline (echo "$ARGUMENTS" | tr ...) to sanitize user input, which presents a risk of command injection if the input is expanded by the shell before or during the echo command.
  • [COMMAND_EXECUTION]: It automatically detects and executes project build systems (npm, cargo, go, make), which involves running arbitrary code defined in the repository's own configuration files.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts located in the .chalk directory, which are managed by a separate sub-skill; these are high-privilege operations using local filesystem resources.
  • [DATA_EXFILTRATION]: It generates code context packages and "paste-ready" prompts containing full repository diffs and logs for use with third-party AI services, facilitating the transfer of code context out of the local environment.
  • [PROMPT_INJECTION]: The skill implements a fix-finding pipeline that parses instructions from potentially untrusted *.findings.md files to guide automated Edit operations, creating a surface for indirect prompt injection.
  • Ingestion points: git diff, git log, and *.findings.md files from the local filesystem.
  • Boundary markers: Absent for findings parsing.
  • Capability inventory: Bash, Edit, Write, Glob, Read tools are utilized throughout the pipeline.
  • Sanitization: Includes path validation to ensure file edits are relative and restricted to the repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 06:33 AM