skills/andurilcode/ctx/rules-to-hook/Gen Agent Trust Hub

rules-to-hook

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The installer script install.mjs uses execSync to run package manager commands such as npm install or bun install to set up its environment. The learn.mjs utility also executes git ls-files to identify orphaned entries in its database.
  • [REMOTE_CODE_EXECUTION]: The harness-eval.mjs script performs dynamic loading of a JavaScript module using import() from a path relative to the hook directory (../../dist/index.js). Executing code from paths outside the skill's verified directory at runtime poses a security risk if those paths are writable by other processes.
  • [PROMPT_INJECTION]: This skill's primary function is to inject custom instructions into the agent's prompt based on rules defined in .claude/context-rules.json. This functionality creates a surface for indirect prompt injection, as any changes to this configuration file directly alter the agent's operational guidelines in subsequent sessions.
  • [EXTERNAL_DOWNLOADS]: The installer fetches the minimatch library from public registries during setup. The auto-discovery process also utilizes npx @anduril-code/ctx to perform codebase analysis, which downloads and executes a tool from the author's official package repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:18 PM