configure-pre-commit

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches hook version metadata from official GitHub release pages (e.g., pre-commit-hooks, ruff-pre-commit, gitleaks) to ensure project compliance with current standards.
  • [COMMAND_EXECUTION]: Utilizes the pre-commit CLI and standard shell utilities (find, grep) to validate project structure, install git hooks, and perform automated updates.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes project-controlled configuration files.
      • Ingestion points: Reads data from .pre-commit-config.yaml, .project-standards.yaml, package.json, and pyproject.toml files.
      • Boundary markers: Does not use specific delimiters or instructions to ignore potential commands embedded within these files.
      • Capability inventory: The skill has access to powerful tools including Bash (command execution), Write/Edit (file modification), and WebFetch (network operations).
      • Sanitization: No validation, escaping, or filtering is applied to the content read from local project files before it is processed in the agent context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 12:49 PM