
git-hooks-setup

Status: Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): In the Node.js pre-commit hook example, the script uses execSync to run eslint and prettier. It retrieves staged filenames using git diff and interpolates them directly into a shell string: execSync(`npx eslint ${stagedFiles} --fix`). This is vulnerable to command injection if a file in the repository has a malicious name containing shell metacharacters (e.g., "; rm -rf / ;.js").
  • EXTERNAL_DOWNLOADS (LOW): The skill references external dependencies and hooks from the npm registry and various GitHub repositories (e.g., pre-commit/pre-commit-hooks, psf/black). These are well-known and trusted sources in the developer community, downgrading the severity per the trust-scope rule.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from the local file system (filenames) and commit messages. While no explicit prompt injection was found, the lack of input sanitization in Example 2 creates a vulnerability surface where external data (filenames) can control system execution paths.
  • Ingestion points: Filenames retrieved via git diff --cached --name-only in the Node.js pre-commit script.
  • Boundary markers: None present; the script assumes filenames are safe strings.
  • Capability inventory: execSync calls used to run linting, formatting, and git commands.
  • Sanitization: None; filenames are joined with spaces and used as raw strings in shell execution strings.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:09 PM