hook-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to create and modify executable scripts on the host system. It provides templates for TypeScript files and explicitly guides the use of 'chmod +x' to grant execution permissions. Furthermore, it details the modification of the '.claude/settings.json' configuration file to register these scripts as active hooks.
- [PROMPT_INJECTION]: The hook architecture presents an indirect prompt injection surface as it is designed to process user prompts and session data. Evidence: 1. Ingestion points: JSON input via stdin as described in SKILL.md and create-hook.md. 2. Boundary markers: The provided script templates lack explicit delimiters or instructions to ignore instructions embedded within the ingested transcripts. 3. Capability inventory: Scripts can perform local file operations and are executed via the Bun runtime. 4. Sanitization: No sanitization or validation logic is included in the provided hook templates.
Audit Metadata