engineering-skills

The configuration itself is small and not overtly malicious, but it instructs automatic execution of a package-supplied shell script (./hooks/error-capture.sh) which can perform any action available to the invoking user. This is a medium-to-high supply-chain risk until the referenced script is reviewed and its behavior validated. Treat the hook as potentially dangerous: do not allow it to run in sensitive environments without inspection or sandboxing.