Skills
skills/laurigates/claude-plugins/hooks-configuration/Gen Agent Trust Hub

hooks-configuration

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the 'command' hook type, which allows execution of arbitrary shell commands during various agent lifecycle events. Examples include git operations and developer tool invocations (ruff, prettier, bun).
  • [PROMPT_INJECTION]: The skill describes mechanisms like 'SubagentStart' and 'SessionStart' for injecting context or modifying agent prompts. This represents a potential surface for indirect prompt injection if data is not correctly sanitized. 1. Ingestion points: JSON data via stdin from tool inputs or subagent prompts (referenced in SKILL.md). 2. Boundary markers: Absent in provided examples. 3. Capability inventory: Shell command execution via 'command' hooks and prompt modification (referenced in SKILL.md). 4. Sanitization: Best practices in SKILL.md recommend variable quoting and input validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 01:24 PM