The Agent Skills Directory

[COMMAND_EXECUTION]: The hunk session reload -- <command> instruction in SKILL.md allows the agent to execute subcommands. While the documentation provides examples for diff and show, the command structure is a common pattern for passing and executing arbitrary commands through a subprocess.\n- [DATA_EXFILTRATION]: The skill accesses local repository content and diff patches using hunk session review --repo . --include-patch --json. While this is required for the skill's primary purpose of code review, it grants the agent access to potentially sensitive source code and repository data.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from diff sessions.\n
Ingestion points: hunk session review and hunk session context commands in SKILL.md fetch content from external git repositories.\n
Boundary markers: No explicit delimiters or instructions are provided to the agent to treat diff content as data rather than instructions.\n
Capability inventory: The agent possesses the ability to execute commands via hunk session reload and modify session state by adding or applying comments via hunk session comment commands in SKILL.md.\n
Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested diff data before it is processed by the agent.

hunk-review