hooks
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] (reported 2 times)
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] (reported 7 times)

This is documentation and templates for implementing Claude Code lifecycle hooks. The content aligns with its stated purpose and does not contain direct indicators of malware or obfuscated code. The main security concerns are operational: executing project-provided hook scripts gives those scripts full ability to run on the host (a known risk of plugin/hook systems), prompt-based hooks may leak sensitive inputs to whatever LLM endpoint the runtime uses, and the provided PermissionRequest example auto-approves reads by extension which is overly permissive. None of the examples show explicit credential harvesting or external exfiltration, but insecure default rules or running unreviewed project hooks could lead to data exposure. Recommend enforcing least privilege for PermissionRequest hooks, sanitizing and filtering session context before sending to external LLMs, and treating project hooks as untrusted code until reviewed/tested in a safe environment.
LLM verification: This skill documentation is coherent with its stated purpose (creating and managing Claude Code hooks). It describes legitimate capabilities (command and prompt hooks, configuration locations, examples) that reasonably belong in a hook system. However, the capability to execute arbitrary local hook scripts and to send hook inputs to an LLM/remote endpoint are high-impact operations. The documentation mandates fetching remote documentation before creating hooks, which is reasonable for official d