creating-claude-hooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [GENERAL] (SAFE): The content is purely instructional and provides guidance on hook development, including security best practices such as path sanitization and secret detection.
- [DATA_EXPOSURE] (SAFE): The skill includes examples of how to block access to sensitive files (e.g., .env, .pem) and how to detect secrets in prompts within the user's developed hooks.
- [REMOTE_CODE_EXECUTION] (SAFE): While the skill mentions external tools (prpm, jq) and links to a JSON schema on GitHub, it does not contain instructions to download and execute untrusted remote code automatically.
- [COMMAND_EXECUTION] (SAFE): The
chmod +xinstructions are standard for the intended purpose of making user-created scripts executable and do not constitute an unauthorized privilege escalation risk within this context.
Audit Metadata