create-hooks
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill provides instructions for enabling shell command hooks that execute automatically during agent events. This provides a mechanism for arbitrary local code execution and persistence if the configuration file is modified. Evidence: SKILL.md documentation of 'command' type hooks.
- [PROMPT_INJECTION] (MEDIUM): The 'prompt' hook type creates an indirect injection surface by passing tool inputs directly into LLM prompts via the $ARGUMENTS variable. Malicious data in files or commands being processed could influence the agent's decision-making logic. Evidence: SKILL.md 'hook_type name="prompt"' section.
- [COMMAND_EXECUTION] (LOW): The logging example demonstrates the ability to capture tool usage data (including command arguments) and write it to local files, which could be extended to exfiltrate or expose sensitive session information. Evidence: SKILL.md 'Log all bash commands' example.
Audit Metadata