The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill promotes 'prompt-based' hooks that interpolate untrusted data (tool inputs like shell commands or file contents) directly into instructions for an LLM to evaluate safety. This creates an attack surface where malicious data could override the hook's logic.
Ingestion points: Use of $TOOL_INPUT variables in hook prompts defined in hooks/hooks.json and documented in references/migration.md and references/patterns.md.
Boundary markers: None are present in the provided documentation examples; untrusted variables are placed directly in the prompt string.
Capability inventory: Hooks have the authority to approve, deny, or ask regarding the execution of tools like Bash or Write (file system operations).
Sanitization: No explicit sanitization or escaping of the tool input is shown in the provided patterns.
Dynamic Execution (LOW): The utility script scripts/test-hook.sh is designed to execute local hook scripts for testing purposes. It wraps execution in a timeout command but otherwise executes the provided file path directly, which is consistent with its primary purpose as a developer tool.

hook-development