create-hook

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [Command Execution] (HIGH): The skill permits the registration of unverified shell commands that are triggered by agent activities (e.g., PostToolUse), providing a direct path to arbitrary code execution.
  • [Persistence Mechanisms] (HIGH): By modifying '.claude/hooks/hooks.json', the skill installs commands that persist beyond the current session and run autonomously without explicit re-approval.
  • [Indirect Prompt Injection] (LOW): The skill creates a significant attack surface where malicious external content could instruct the agent to create a hook that steals data during every subsequent tool use. Evidence Chain:
      1. Ingestion points: Command input derived from prompt context.
      2. Boundary markers: None present.
      3. Capability inventory: 'Write' tool access to sensitive hidden configuration files.
      4. Sanitization: No validation or filtering of the submitted commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 08:22 AM