hooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides instructions and examples for creating local shell scripts to be executed by the Claude Code environment's hook system. This is the primary, documented purpose of the skill.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The `TOOL_INPUT` environment variable contains data passed to the hook scripts, which may include untrusted input from previous agent steps.
  - Boundary markers: Absent in the examples; scripts rely on simple string matching (`grep`).
  - Capability inventory: Scripts use `bash`, `git`, and `jq` to inspect and potentially block actions or provide warnings.
  - Sanitization: The provided examples use `grep` and `jq` for sanitization and validation specifically to prevent dangerous actions (e.g., blocking `rm -rf /` or `git push --force`).
Audit Metadata