hooks-management

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the configuration and execution of shell commands triggered by various agent events such as tool usage and session lifecycle. Evidence: Hook configuration logic and shell command templates in SKILL.md and references/claude-templates.md.
  • [DATA_EXFILTRATION]: Includes templates for logging all shell command inputs to a local file, creating a risk that secrets, API keys, or tokens used in command arguments are persistently stored in plain text. Evidence: 'Log All Commands' template in references/claude-templates.md.
  • [PROMPT_INJECTION]: The skill exposes a significant indirect prompt injection surface by allowing the agent to create and modify executable hooks based on processed data and user requests. Ingestion points: Natural language requests to manage hooks (SKILL.md). Boundary markers: No explicit prompt delimiters or 'ignore' instructions are provided for the hook creation process. Capability inventory: Shell command execution, file writing, and making scripts executable via chmod +x (SKILL.md). Sanitization: Employs a local validation script scripts/validate_hooks.py to verify the JSON structure and requirements of the hook configuration.
  • [REMOTE_CODE_EXECUTION]: Encourages the generation and execution of custom shell scripts, providing instructions for creating executable files in the user's home directory. Evidence: Recommendations for using script files and chmod +x in SKILL.md.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 02:35 AM