git-hooks
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected.

Overall, the fragment describes conventional, safe-in-context Git-hook automation for code quality across Node.js and Python environments. It enables local quality enforcement with configurable tooling. The main cautions are to restrict or monitor use of the emergency bypass (git commit --no-verify skips the pre-commit and commit-msg hooks entirely and cannot be prevented on the client, so any check the hooks are relied on for also has to run server-side or in CI) and to keep the Node.js and Python configurations consistent to prevent drift.

LLM verification: This skill is functionally benign and consistent with its stated purpose of configuring Git hooks for linting, formatting, testing, and commit-message validation. However, it includes several supply-chain risk patterns: unpinned installs (pip and npm), commands that trigger download-and-execute (npx, pip install), and instructions that create hooks which execute repository code during commit/push. These are legitimate for the task but increase exposure to dependency or repository-level compromise.
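The two things a practitioner would want to take away from this audit are a hook that actually does the commit-message validation the skill promises, and a quick way to spot the flagged patterns (unpinned npx/pip/npm invocations and pipe-to-shell downloads) in hook scripts before installing them. The script below is an added example and is not code from the audited git-hooks skill or from Socket; the function names, the Conventional Commits rule set and the sample hook text it scans are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the audited git-hooks skill. Function names,
# the Conventional Commits rule set and the sample hook text are assumptions.

# validate_commit_msg MESSAGE
# Accepts a Conventional Commits subject line  type(scope)!: description
# with a 1-72 character description; merge and revert commits pass.
# Returns 0 when acceptable, 1 otherwise.
validate_commit_msg() {
    subject=$(printf '%s\n' "$1" | head -n 1)
    case "$subject" in
        "Merge "*|"Revert "*) return 0 ;;
    esac
    printf '%s\n' "$subject" | grep -Eq \
        '^(feat|fix|docs|style|refactor|perf|test|build|ci|chore)(\([a-z0-9._-]+\))?!?: [^[:space:]].{0,71}$'
}

# unpinned_args MODE PATTERN WORD...
# MODE=first: only the first non-flag word is a package (npx TOOL [tool args]);
# MODE=all: every non-flag word is a package (pip install A B). PATTERN is a
# shell glob the pinned form must match ('*==*', '*@[0-9]*'). -r/-c and their
# file are skipped (pinning delegated to the file). Returns 0 if unpinned.
unpinned_args() {
    mode=$1 pat=$2; shift 2
    skip=0
    for w in "$@"; do
        if [ "$skip" = 1 ]; then skip=0; continue; fi
        case "$w" in
            -r|--requirement|-c|--constraint) skip=1; continue ;;
            -*) continue ;;
        esac
        case "$w" in
            $pat) if [ "$mode" = first ]; then return 1; fi; continue ;;
        esac
        return 0
    done
    return 1
}

# check_hook_script FILE
# Prints each line that resolves or downloads code at run time without an
# exact version; returns 1 if any were found, 0 if the script is clean.
check_hook_script() {
    file=$1 rc=0
    set -f    # command lines are word-split below; keep globs from expanding
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac
        # npx TOOL without TOOL@x.y.z fetches whatever "latest" is at commit time
        if printf '%s\n' "$line" | grep -Eq '(^|[^[:alnum:]_./-])npx[[:space:]]'; then
            set -- $(printf '%s\n' "$line" | sed -E 's/^.*npx[[:space:]]+//')
            unpinned_args first '*@[0-9]*' "$@" && { printf 'unpinned npx: %s\n' "$line"; rc=1; }
        fi
        # pip install PKG without PKG==x.y.z
        if printf '%s\n' "$line" | grep -Eq '(^|[^[:alnum:]_./-])pip3?[[:space:]]+install[[:space:]]'; then
            set -- $(printf '%s\n' "$line" | sed -E 's/^.*pip3?[[:space:]]+install[[:space:]]+//')
            unpinned_args all '*==*' "$@" && { printf 'unpinned pip install: %s\n' "$line"; rc=1; }
        fi
        # npm install PKG without PKG@x.y.z (bare "npm install" / "npm ci" use the lockfile)
        if printf '%s\n' "$line" | grep -Eq '(^|[^[:alnum:]_./-])npm[[:space:]]+(install|i|add)([[:space:]]|$)'; then
            set -- $(printf '%s\n' "$line" | sed -E 's/^.*npm[[:space:]]+(install|i|add)[[:space:]]*//')
            unpinned_args all '*@[0-9]*' "$@" && { printf 'unpinned npm install: %s\n' "$line"; rc=1; }
        fi
        # curl/wget piped into a shell: the "download and install from URL" pattern
        if printf '%s\n' "$line" | grep -Eq '(curl|wget)[^|]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:]]|$)'; then
            printf 'pipe-to-shell download: %s\n' "$line"; rc=1
        fi
    done < "$file"
    set +f
    return $rc
}

# sample_hook_file: writes a constructed (made-up) hook to a temp file and
# prints its path; flagged patterns sit next to their pinned alternatives.
sample_hook_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
# constructed sample hook
npx eslint --fix src/
npx eslint@8.57.0 --max-warnings 0 src/
pip install black
pip install black==24.3.0 -r requirements.txt
npm ci
npm install husky
curl -fsSL https://example.invalid/install.sh | sh
./node_modules/.bin/prettier --check .
EOF
    printf '%s\n' "$f"
}

# Entry point when installed as .git/hooks/commit-msg: git passes the message
# file as $1. With no argument (sourced, or the scanner use) nothing runs.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    validate_commit_msg "$(cat "$1")" || {
        echo "commit-msg: subject must look like 'type(scope): description'" >&2
        exit 1
    }
fi
```

Run `check_hook_script` over any hook a skill or installer drops into `.git/hooks` before committing with it; on the constructed sample it reports the bare `npx eslint`, `pip install black`, `npm install husky` and the curl-to-sh line, and passes the pinned and lockfile-driven lines. It is a line-oriented heuristic, so a command split across continuation lines or hidden behind a variable is not caught, which is exactly why the same pinning has to be enforced again in CI, where `--no-verify` does not apply.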