hooks-eval
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill defines an attack surface by ingesting external hook files (Python scripts and JSON configurations) for analysis as its primary function.
  - Ingestion points: Evaluation commands like /analyze-hook and /hooks-eval read files from the hooks/ directory.
  - Boundary markers: Documentation explicitly advises on input validation and the use of allowlists.
  - Capability inventory: The skill performs static and potentially dynamic analysis of hook behavior to detect vulnerabilities.
  - Sanitization: The framework includes scoring penalties for hooks that fail to implement input validation or sanitize logs.