hookshot

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates shell scripts (check-docs.sh, check-skill-drift.sh, check-md-lint.sh) and wires them into the agent environment via .claude/settings.json. The generated check-skill-drift.sh contains a command injection flaw where it interpolates the environment-provided FILE_PATH variable into a Python string literal without escaping, potentially allowing arbitrary code execution via crafted filenames.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
    1. Ingestion points: docs/code-structure.md, docs/code-guidelines.md, and ARCHITECTURE.md.
    2. Boundary markers: Absent; reminders are printed directly to stderr with generic emojis.
    3. Capability inventory: Read, Write, and Bash tools used for hook implementation.
    4. Sanitization: Absent; documentation content is directly promoted to the agent's context as enforcement reminders without validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill downloads markdownlint-cli2 via npx and installs itself from the vendor's repository. These operations are consistent with the skill's stated purpose.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 26, 2026, 02:54 AM