building-hooks
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a framework for creating and executing bash-based event hooks. This is an intended core feature for automation and policy enforcement. The skill documentation (SKILL.md and hook-maintenance-guide.md) extensively covers security best practices, including input sanitization and the prevention of command injection using regex validation.
- [SAFE]: The provided validation script (scripts/validate-hooks.py) uses only the Python standard library to perform local schema and security checks on hook configurations. It does not perform any network operations or access sensitive data.
- [SAFE]: The skill includes comprehensive checklists and maintenance guides that encourage a security-first approach to building hooks, including warnings against dangerous patterns like 'eval' or unvalidated command substitution.