hooks-builder

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill provides recipes that use subprocess.run to execute external tools like Ruff and Pyright for code quality. This behavior is the primary intended purpose of the hook automation skill.
  • [EXTERNAL_DOWNLOADS] (LOW): Uses PEP 723 metadata to define Python dependencies (e.g., httpx) and mentions Node.js tools (e.g., biome). These are standard industry tools and their installation is part of the developer-focused use case.
  • [PROMPT_INJECTION] (LOW): The skill's hooks process tool inputs and outputs from the agent lifecycle, creating a surface for indirect prompt injection. Evidence Chain:
      1. Ingestion points: sys.stdin reads JSON tool data in recipes.md.
      2. Boundary markers: integration.md suggests using XML tags for agent attention.
      3. Capability inventory: Recipes demonstrate file system writes and command execution.
      4. Sanitization: The SECURITY_GATE recipe provides a specific blueprint for blacklisting dangerous shell commands and validating path relativity.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 11:28 AM