Hook Development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill documents 'Prompt-based hooks' (references/migration.md and references/patterns.md) which interpolate untrusted tool input into LLM prompts, creating a surface for Indirect Prompt Injection. Evidence:
  1. Ingestion points: $TOOL_INPUT.command and $TOOL_INPUT.content are used directly.
  2. Boundary markers: Absent in prompt templates; input is simply prepended with labels like 'Command:'.
  3. Capability inventory: Hooks are intended to regulate high-privilege tools like Bash and Write.
  4. Sanitization: No sanitization or escaping of interpolated variables is demonstrated.
- [COMMAND_EXECUTION] (SAFE): scripts/test-hook.sh executes local scripts for testing, which is the intended behavior for this developer utility and involves no remote code or obfuscation.
- [DATA_EXFILTRATION] (SAFE): examples/load-context.sh writes environment variables to $CLAUDE_ENV_FILE for legitimate project type detection (e.g., identifying Node.js or Rust projects).