claude-hooks-configuration
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the configuration of lifecycle hooks in
.claude/settings.json. These hooks (e.g.,SessionStart,PreToolUse,PostToolUse) automatically execute shell commands or scripts whenever specific agent events occur, creating a mechanism for persistent automated code execution similar to shell startup profiles. - [DATA_EXFILTRATION]: The instructions provide a script template (
session-logger.sh) that usescurlto send session data to an external endpoint (https://api.example.com/log). While the domain used is a placeholder, it establishes a functional pattern for exfiltrating session telemetry or state from the agent's environment. - [COMMAND_EXECUTION]: The skill suggests modifying file permissions using
chmod +xfor locally created hook scripts. While necessary for script execution, this pattern involves granting execution privileges to files within the user's home directory (~/.claude/). - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by configuring hooks (especially
promptandagenttypes) that process event data. If the event data (like tool arguments or command outputs) contains malicious instructions, it could influence the agent's behavior during hook execution. - Ingestion points:
.claude/settings.jsonhook configurations for event handling. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the configuration examples.
- Capability inventory: The skill uses
Bash,Write, andEditto manage these hooks and scripts. - Sanitization: No sanitization or validation of event data is described in the hook implementation patterns.
Audit Metadata