hooks-configuration
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains multiple examples of shell scripts (Bash) used to automate tasks at lifecycle events such as SessionStart and PreToolUse. These scripts interact with the system using tools like jq, git, npm, and bun.
- [DATA_EXFILTRATION]: Documentation for 'http' hooks explains how to send session data, including transcripts and tool inputs, to external HTTPS endpoints. An example script also demonstrates writing audit logs to a file in the user's home directory (~/.claude/audit.log).
- [PROMPT_INJECTION]: The skill describes using hooks to modify agent prompts and inject context (e.g., SubagentStart and SessionStart). This represents a surface for Indirect Prompt Injection.
- Ingestion points: Data from tool_input, tool_response, and subagent_prompt in SKILL.md.
- Boundary markers: Not included in the provided prompt interpolation examples.
- Capability inventory: The skill has access to shell execution (Bash), file system operations (Read, Write, Edit, Glob), and network communication via http hooks.
- Sanitization: Examples demonstrate data extraction via jq but do not include explicit sanitization of untrusted data before prompt injection.
- [COMMAND_EXECUTION]: The documentation includes instructions for executing local scripts, such as a bash-antipatterns detection script located within the project directory.
Audit Metadata