hook-development

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content is not overtly malicious but includes multiple high‑risk capabilities and examples (arbitrary command hooks executing plugin scripts, prompt hooks with broad I/O, examples of curl/psql/nc network calls, writing persistent env/audit files, flag-file activation and cross-event state) that make it trivial to implement data exfiltration, remote command execution, supply‑chain/backdoor behaviors, or credential leakage if a malicious plugin or hook is introduced; treat hook execution and plugin installation as a high-risk attack surface.