create-hooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent on how to create and execute arbitrary shell commands via Claude Code hooks. While this is the intended purpose of the hook system, it creates a surface for executing scripts that could be influenced by project-level configuration files.\n- [PROMPT_INJECTION] (LOW): Identifies a surface for Indirect Prompt Injection (Category 8) in 'prompt' type hooks. Untrusted tool input/output data is interpolated into LLM prompts via the $ARGUMENTS variable without explicit sanitization or boundary markers in the provided examples.\n
- Ingestion points: $ARGUMENTS variable in type: 'prompt' configurations in SKILL.md and references/hook-types.md.\n
- Boundary markers: Absent; examples show direct interpolation without delimiters or instructions to ignore embedded instructions.\n
- Capability inventory: Hooks can execute bash commands, modify file write inputs, and block agent actions.\n
- Sanitization: No sanitization or escaping of the interpolated JSON data is demonstrated.\n- [DATA_EXFILTRATION] (LOW): Documentation patterns describe logging tool usage and archiving session transcripts (session.jsonl) to local file paths. While this involves sensitive data exposure on the local filesystem, the examples provided do not include external network exfiltration.
Audit Metadata