hooks-builder
Audited by Socket on Feb 15, 2026
1 alert found:
Malware
[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill documentation is not itself malicious code, but it describes and enables high-risk capabilities: running arbitrary shell commands and scripts on hook events with the invoking user's permissions and executing project-committed hooks. The primary risks are supply-chain (committed hooks in repositories executing automatically), command injection (if implementers copy unsafe examples), and data exfiltration via scripts. Recommended mitigations: audit committed hooks, require manual review or signing, run hooks with least privilege or sandboxing, and follow the doc's safe patterns strictly (quote variables, validate paths, parse JSON safely).

LLM verification: The content is legitimate documentation for building event-driven hooks and the included example scripts are not overtly malicious. However, the capability to execute arbitrary commands on agent-triggered events presents a meaningful supply-chain risk if hooks (especially committed ones) are unreviewed or overly broad (e.g., '*' matchers). The presence of destructive command examples (rm -rf, chmod 777) in documentation increases the chance of accidental damage. No obfuscated or clearly maliciou