ac-hooks-manager

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill modifies .claude/settings.json to register local shell scripts (autonomous-loop.sh, validate.sh) as persistent hooks that execute on every 'Stop', 'PreToolUse', and 'PostToolUse' event.
      • Evidence: The install_hook and install_stop_hook functions programmatically update application configuration to point to executable scripts.
  • DATA_EXFILTRATION (LOW): The autonomous-loop.sh script accesses sensitive session data, including conversation transcripts and current working directory state.
      • Evidence: The script reads transcript_path and cwd from JSON input provided during the 'Stop' event.
  • EXTERNAL_DOWNLOADS (LOW): The skill utilizes npx to execute formatting tools, which may download packages at runtime.
      • Evidence: The 'PostToolUse' hook configuration uses npx prettier --write "$FILE".
  • INDIRECT PROMPT INJECTION (LOW): The skill implements a decision-making loop that processes external transcript data to decide whether to 'block' agent termination.
      • Ingestion Points: transcript_path is passed to analyze.py via autonomous-loop.sh.
      • Boundary Markers: None identified; transcript content is processed as-is.
      • Capability Inventory: The skill can modify local files, execute shell commands, and override agent termination logic.
      • Sanitization: No sanitization of the transcript content is performed before analysis, allowing an attacker to potentially influence the 'CONTINUE' decision.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:29 PM