claude-code-hooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill's primary purpose is to help users configure shell-based automation hooks. It provides templates for executing commands like sh -c, git, npm test, and osascript. This is the intended functionality of the 'Claude Code hooks' feature.
- [DATA_EXPOSURE] (LOW): The 'Session Context Injection' pattern in references/patterns.md suggests reading from ~/.claude/project-context.md. While this exposes local file content to the AI agent, it is presented as a mechanism for providing necessary project background to the LLM.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill facilitates the ingestion of external data into the agent's context, creating a potential surface for indirect injection.
  - Ingestion points: ~/.claude/project-context.md (via the Session Start hook).
  - Boundary markers: None shown; content is read directly into the session.
  - Capability inventory: The skill manages hooks that can execute arbitrary shell commands, write files, and trigger notifications.
  - Sanitization: None; the patterns rely on the user to ensure injected context is safe.
Audit Metadata