hook-creator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process data from various tool operations (Bash commands, file writes, tool outputs). This creates a surface for indirect prompt injection where malicious instructions embedded in the data being processed (e.g., a file being read or a command output) could attempt to influence the logic of the hooks or the agent's next actions.
- Ingestion points: Hook input via
fs.readFileSync(0, 'utf-8')(stdin) inpre-hook-template.js,post-hook-template.js, andhook-template-generator.js. - Boundary markers: None explicitly enforced in templates to separate data from instructions; the skill relies on the user to implement regex or logic checks.
- Capability inventory: Templates demonstrate the ability to block/approve commands, write to log files (
fs.appendFileSync), and execute system commands via the registered hooks. - Sanitization: The skill provides a 'Security Considerations' section advising validation of all input, but the templates themselves do not include default sanitization functions beyond basic JSON parsing.
- [COMMAND_EXECUTION]: The skill frequently references and generates scripts that execute commands. While these are intended for legitimate automation and validation, the templates include examples of regex-based command blocking (e.g.,
rm -rf,sudo) which may be bypassed by sophisticated inputs if not carefully implemented. - [SAFE]: The skill includes extensive 'Anti-Patterns' and 'Shell Script Best Practices' sections that correctly identify and mitigate common security and portability issues such as improper variable quoting, silent failures, and dangerous flags.
Audit Metadata