hooks-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports WebFetch/WebSearch tool input in PreToolUse (see SKILL.md and references/hook-events-reference.md where PreToolUse lists WebFetch/WebSearch with a url field) and documents prompt/agent hooks that send that hook input to LLMs or subagents for decisions, so arbitrary public web content (untrusted URLs) can be read and materially influence hook decisions and subsequent tool actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill explicitly enables running arbitrary shell commands and spawning subagents with file-tool access "with your full user permissions," which can be used to modify system files, create accounts, or otherwise change the host state even though it doesn't explicitly give malicious instructions.