create-hook
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate shell scripts in directory paths such as `~/.claude/hooks/` and ensure they have executable permissions via `chmod +x`. These scripts are intended to facilitate automated development workflows.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and examples from trusted organizations and well-known services, including official Claude documentation (`docs.claude.com`), GitHub repositories from the `anthropics` organization, and established development utilities such as Prettier and jq.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it analyzes untrusted project configuration files to determine which hooks to suggest.
  - Ingestion points: Reads local project files including `package.json`, `tsconfig.json`, `.prettierrc`, and `.eslintrc.*` (SKILL.md).
  - Boundary markers: The instructions do not provide explicit delimiters or warnings to ignore potential instructions embedded within the analyzed configuration files.
  - Capability inventory: The skill has the capability to generate shell scripts, modify `settings.json`, and register hooks for automatic execution (SKILL.md).
  - Sanitization: No specific sanitization or validation steps are defined for processing the content retrieved from project configuration files.