daft-worktree-workflow
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File

The HookExecutor responsibly implements discovery, trust-checking, prompting, and execution of repository hooks. No evidence of backdoors, credential harvesting, or obfuscated/malicious code exists in the reviewed file. However, executing repository-provided executables is intrinsically dangerous: if a repository is marked trusted (or bypass_trust is used), hooks run with user privileges and full access to the environment and filesystem, enabling potential data exfiltration, reverse shells, or destructive actions. Additional mitigations to reduce risk: keep the default trust conservative (Prompt/Deny), require explicit interactive confirmation, limit or stream-capture output sizes, enforce stricter timeouts and process-group killing, and consider sandboxing (unprivileged user, namespaces/containers, seccomp) for running untrusted hooks.