Writing Hookify Rules
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill describes a mechanism for injecting instructions into the agent's prompt via local files, which constitutes a surface for indirect prompt injection. 1. Ingestion points: Rule files located in the .claude/hookify.*.local.md directory. 2. Boundary markers: The documentation does not specify boundary markers or instructions to ignore embedded prompts within the rule files. 3. Capability inventory: Rules can trigger based on bash commands, file edits, and completion events, allowing for significant influence over agent operations. 4. Sanitization: No sanitization or validation of the rule message body is mentioned in the guide.
- Command Execution (SAFE): The documentation suggests a benign python3 -c command as a developer utility for testing regular expressions locally.
Audit Metadata