husky-hooks-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided automation tasks and interpolates them into executable shell scripts (e.g., .husky/pre-commit).
  - Ingestion points: User-specified task descriptions in the skill invocation (found in SKILL.md).
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used in the generator logic.
  - Capability inventory: The skill generates files that execute shell commands using npm and npx (found in output/pre-commit).
  - Sanitization: No sanitization or escaping of the user-provided input is evident before it is written to the hook scripts.
- [COMMAND_EXECUTION]: The skill generates scripts that execute 'npx lint-staged' and 'npm run typecheck'. These are standard development tools and their use is consistent with the skill's primary purpose of Git hook automation.
Audit Metadata