global-hook-setup

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill modifies '~/.claude/settings.json' to register global hooks that persist across agent sessions. These hooks trigger custom scripts on every Write, Edit, and SessionEnd event, granting the skill permanent influence over the agent's lifecycle.
  • REMOTE_CODE_EXECUTION (HIGH): The 'templates/feature-commit.sh' utility is vulnerable to Indirect Prompt Injection and command injection.
      1. Ingestion points: Reads feature titles from '.claude/progress/feature-list.json' using jq.
      2. Boundary markers: None.
      3. Capability inventory: Shell execution via heredoc interpolation ($MESSAGE) within a command substitution used for 'git commit'.
      4. Sanitization: None; user-controlled JSON values are expanded directly in the shell context, allowing arbitrary code execution if the feature list is poisoned.
  • EXTERNAL_DOWNLOADS (LOW): 'templates/markdownlint-fix.sh' uses 'npx' to download 'markdownlint-cli2' from the npm registry. While this is remote execution, it is downgraded to LOW per [TRUST-SCOPE-RULE] as 'npmjs.com' is a trusted registry.
  • COMMAND_EXECUTION (MEDIUM): Setup scripts ('setup-global-hooks.sh' and 'install-hooks.sh') perform file system operations and 'chmod +x' to install executable scripts into the user's home directory.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:13 AM