hooks-mastery

Warn

Audited by Socket on Feb 24, 2026

2 alerts found:

Security Anomaly (Security, MEDIUM)
references/protocol-specification.md

This is a protocol specification that documents a hook system where user-configured command hooks run arbitrary shell commands with the same user permissions as the agent and prompt hooks call external LLMs. The spec clearly exposes high-risk capabilities: full filesystem and network access, ability to persist environment variables (including credentials), wildcard matchers that can run hooks broadly, and a blocking control channel via exit codes. The document examples include writing a hard-coded API key to an env file, showing how secrets could be created/persisted. The specification itself contains no active malicious code, but it enables many powerful sinks that can be abused by malicious or misconfigured hooks. Recommendation: treat implementations/configurations of this protocol with strict access controls, code review, signing of hook configurations, policy enforcement (sandboxing, least privilege), and auditing; avoid placing secrets via hook-configured writes and restrict matchers and hook command sources.

Confidence: 85%, Severity: 75%
Anomaly (LOW)
tests/fixtures/valid/regex-matchers.json

The configuration is a benign-looking hook mapping but it creates a high-risk execution surface because of very broad matchers and unconditional execution of external scripts. On its own the file does not contain malicious code, but it grants those referenced scripts the ability to read sensitive context and perform arbitrary actions when invoked. If any referenced script is malicious or becomes compromised, data exfiltration, tampering, or other supply-chain attacks are possible. Recommend restricting matcher patterns, validating and auditing the referenced scripts, and running hooks with least privilege or sandboxing.

Confidence: 70%, Severity: 60%
Audit Metadata
Analyzed At: Feb 24, 2026, 05:15 PM
Package URL: pkg:socket/skills-sh/rafaelcalleja%2Fclaude-market-place%2Fhooks-mastery%2F@f7c30ab2b8af27953eadfa5a33252f8d375f5a2d