hooks-management
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to create, modify, and execute shell scripts (hooks) that run automatically in response to agent events. This includes making scripts executable using `chmod +x` as shown in the workflow section of `SKILL.md`.
- [CREDENTIALS_UNSAFE]: The skill facilitates access to sensitive files, including the agent's main configuration (`~/.claude/settings.json`) and environment files (`.claude-env`, `.env`). Templates provided in `references/claude-templates.md` demonstrate patterns for monitoring access to `.env`, `secrets`, and `credentials` files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads configuration data from `.claude/settings.json` within project directories, which could be controlled by a third party in a malicious repository.
  - Ingestion points: The skill reads `~/.claude/settings.json`, `.claude/settings.json`, and `.claude/settings.local.json` (documented in `SKILL.md`).
  - Boundary markers: No delimiters or safety instructions are used when reading or processing these configuration files to prevent the agent from following instructions embedded within the data.
  - Capability inventory: The skill provides full shell execution capabilities via the hook system, file writing access, and the ability to change file permissions (`SKILL.md`).
  - Sanitization: While the skill includes `scripts/validate_hooks.py` to check JSON structure, it does not perform security-focused sanitization of the shell commands configured within the hooks.
Audit Metadata