hook-creator
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the creation of shell-based hooks stored in configuration files like `~/.claude/settings.json`. These hooks execute arbitrary system commands triggered by agent events. Evidence: `SKILL.md` defines a configuration structure for shell commands, and `references/examples.md` provides scripts for logging and system notifications.
- [COMMAND_EXECUTION]: The skill establishes persistence by guiding the modification of agent configuration files to run scripts automatically during future sessions or tool uses. Evidence: `SKILL.md` step 5 and the `SessionStart` event documentation in `references/hook-events.md`.
- [EXTERNAL_DOWNLOADS]: Example configurations in `references/examples.md` use `npx prettier`, which may fetch the Prettier utility from the NPM registry.
- [PROMPT_INJECTION]: Risk of indirect command injection through unvalidated tool inputs. Ingestion points: Hooks process JSON from stdin containing fields like `tool_input.file_path`, which can be influenced by external data. Boundary markers: No delimiters or safety instructions are present in the example configurations. Capability inventory: The skill enables arbitrary shell execution, file modification, and system notifications. Sanitization: Provided examples use basic `jq` and shell variables without robust escaping, potentially allowing malicious inputs (e.g., filenames with shell metacharacters) to execute unintended commands.
Audit Metadata