hunk-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local shell commands via the `hunk` CLI. This includes inspecting session state (`hunk session list`, `get`), navigating file diffs (`hunk session navigate`), and modifying session contents (`hunk session reload`). It also uses pipes to send JSON payloads to the CLI (`printf ... | hunk session comment apply`).
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by ingesting untrusted data from the local repository and live diff sessions through `hunk session review --json` and `hunk session context`.
- Ingestion points: Diff content and file structures are read into the agent's context in `SKILL.md` via the `review` and `context` commands.
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the code diffs being reviewed.
- Capability inventory: The agent can execute commands (`hunk session reload`) and write data back to the session (`hunk session comment add/apply`).
- Sanitization: There is no mention of sanitizing or escaping the diff content before processing.
Audit Metadata