hooks-guide
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its documentation refresh script.
- Ingestion points: The
scripts/fetch-and-transform-hooks-docs.shscript fetches content from external documentation URLs (including code.claude.com, docs.github.com, and ampcode.com) usingcurl. - Boundary markers: The script passes the downloaded content directly into a
claude -pprompt without using delimiters or instructions to ignore embedded commands. - Capability inventory: The AI model processes the external data and the script then writes the output to local reference files within the skill directory.
- Sanitization: No sanitization, validation, or filtering is performed on the downloaded content before it is interpreted by the AI model.
- [EXTERNAL_DOWNLOADS]: The documentation refresh script performs network operations to fetch data from external sources.
- Evidence:
curl --silent --fail --max-time 30 --output "$tmp_file" "$url"inscripts/fetch-and-transform-hooks-docs.sh. - Sources: The script targets official documentation domains for Claude Code, GitHub Copilot, Cursor, Windsurf, and Amp.
- [COMMAND_EXECUTION]: The skill provides a shell script intended for manual execution that performs network requests and invokes AI command-line tools.
- Evidence:
scripts/fetch-and-transform-hooks-docs.shcontains commands forcurl,claude(AI CLI), andsedto modify local files.
Audit Metadata