The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The utility script scripts/test-hook.sh executes hook scripts using bash -c with unquoted and unsanitized file path arguments. While this is the primary purpose of a test runner, the lack of sanitization for user-provided file names creates a local command injection vector.
[PROMPT_INJECTION] (LOW): Documentation in references/migration.md and references/patterns.md recommends migrating to 'prompt-based hooks' that interpolate untrusted data (like bash commands or file contents) directly into prompts. Ingestion points: hooks.json configuration and tool inputs. Boundary markers: Absent in the provided prompt templates. Capability inventory: Hooks possess the ability to approve or deny sensitive operations like file writes and command executions. Sanitization: None provided in the examples, increasing the risk of an attacker-controlled file or command influencing the agent's permission decisions.

Hook Development