hooks-guide
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The maintenance script
scripts/fetch-and-transform-hooks-docs.shimplements an automated documentation refresh pipeline that is susceptible to indirect prompt injection. - Ingestion points: The script fetches content from several external documentation URLs (e.g., code.claude.com, docs.github.com) into
/tmpbefore processing them. - Boundary markers: The LLM prompt used to transform the documentation (
rwr:doc-to-skill) lacks delimiters or explicit instructions to ignore instructions embedded within the source text. - Capability inventory: The skill utilizes the
claudeCLI for content transformation andsedfor updating the localreferences/platform-coverage.mdfile. - Sanitization: No validation or sanitization of the fetched content is performed beyond a minimum file size check.
- [EXTERNAL_DOWNLOADS]: The
scripts/fetch-and-transform-hooks-docs.shscript is configured to download content from multiple external domains. - The script fetches documentation from official sources including
code.claude.com,docs.github.com,docs.cursor.com,docs.windsurf.com, andampcode.com. - These are well-known technology and documentation services, and the network activity is tied to the skill's intended maintenance functionality.
- [COMMAND_EXECUTION]: The skill executes shell commands for maintenance and provides various examples of command execution in its technical guides.
- The script
scripts/fetch-and-transform-hooks-docs.shexecutescurl,claude, andsedto update local files. - Educational reference files such as
references/hooks-cjs.mdandreferences/hooks-python.mddemonstrate the use ofexecFileSyncandsubprocess.runfor executing local development tools likeruff,git, andprettier.
Audit Metadata