ac-stop-hook-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads from `feature_list.json` and `.claude/autonomous-state.json` to determine its next actions and the reason for its decisions.
  - Ingestion points: Reads `feature_list.json` and `.claude/autonomous-state.json` using `json.load()` in `scripts/stop_hook_analyzer.py`.
  - Boundary markers: None identified. The content from these files is interpolated directly into the 'reason' field and potentially returned to the agent context.
  - Capability inventory: The skill itself only performs file reads and logic checks, but it is designed to control the flow of an autonomous agent ('Two-Claude pattern'), which likely has broader capabilities.
  - Sanitization: The code does not sanitize the `description` or `id` fields from `feature_list.json` before including them in the `reason` string.
- [Data Exposure & Exfiltration] (SAFE): The skill accesses local configuration files within the project directory. While these contain metadata about the project state, there is no evidence of hardcoded credentials or network exfiltration logic.
Audit Metadata