Hook Development
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a comprehensive set of developer utilities and documentation aimed at promoting secure hook development. It includes specific patterns for validating inputs, detecting secrets, and preventing common vulnerabilities like path traversal and shell injection.- [COMMAND_EXECUTION]: Scripts such as
test-hook.share provided to execute local hook implementations for testing purposes. This functionality is intended for local development workflows and operates on files provided by the user.- [EXTERNAL_DOWNLOADS]: Documentation refers to external integrations (e.g., Slack webhooks, database connections, and npm packages for linting) as examples for developer workflows. No automated or hidden remote downloads or code execution are performed by the skill itself.- [DATA_EXFILTRATION]: The skill provides defensive logic to prevent data exposure, including examples invalidate-write.shandvalidate-bash.shthat explicitly block access to system directories and detect credentials in file contents. No malicious data exfiltration or hardcoded secrets were found.
Audit Metadata