session-start-hook

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and registers a persistent shell script at '.claude/hooks/session-start.sh'. This script is designed to execute automatically upon every session initialization to maintain the development environment.
  • [EXTERNAL_DOWNLOADS]: The skill includes logic to download and install components from the author's repository ('camacho/ai-skills') using 'npx'. This is documented as a mechanism to keep environment-specific tools up to date.
  • [PROMPT_INJECTION]: The skill processes project files (such as 'package.json', 'pyproject.toml', and 'README.md') to determine environment setup requirements, which introduces an indirect prompt injection surface.
    * Ingestion points: Dependency manifest files and project documentation found in the local repository.
    * Boundary markers: No specific delimiters or instructions to ignore embedded commands within these files are present.
    * Capability inventory: The skill has the ability to execute shell commands, write files to the project directory, and perform git operations.
    * Sanitization: There is no evidence of sanitization or validation of the content parsed from these external files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 01:40 PM