create-hooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill is comprised entirely of markdown documentation. It contains no executable scripts, configuration files, or active code that would be run by the agent.
- COMMAND_EXECUTION (SAFE): Shell command examples in the documentation (e.g., using
jq,prettier, andgit) are standard, safe, and intended for local development tasks like logging or code formatting. - PROMPT_INJECTION (SAFE): LLM prompt hook examples are explicitly designed for safety and quality control, such as checking for security vulnerabilities (SQLi, XSS) or validating commit messages. No prompt injection or bypass techniques are present.
- DATA_EXFILTRATION (SAFE): While the documentation describes logging and session archiving, these operations are restricted to local paths (e.g.,
~/.claude/or$CLAUDE_PROJECT_DIR). There are no patterns suggesting exfiltration of sensitive data to external domains.
Audit Metadata