writing-hookify-rules
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Category 8: Indirect Prompt Injection] (SAFE): The documentation describes a mechanism where local configuration files in the
.claude/directory are used to provide instructions to the agent based on event triggers. This represents a potential vulnerability surface for indirect prompt injection if malicious rules are present in a project, but the documentation itself is safe and suggests using.gitignoreto prevent rule sharing. - Ingestion points: Rules are read from
.claude/hookify.*.local.mdfiles. - Boundary markers: Not explicitly defined in the rule structure; rule messages are injected directly as context.
- Capability inventory: Rules can trigger on
bashcommand execution,fileoperations, and userpromptcontent. - Sanitization: None described for the markdown message body.
- [Category 6: Persistence Mechanisms] (SAFE): The documentation explains how to create persistent rule files that influence the agent across different sessions within a project. This is the intended functionality of the framework.
- [General Security] (SAFE): The skill contains no executable code, remote downloads, or obfuscation. It includes helpful security patterns such as monitoring for
sudo,rm -rf, and.envfile modifications.
Audit Metadata