Hooks Automation
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill implements automated hooks that execute shell commands via `npx claude-flow`. Configuration templates provided in the documentation use direct string interpolation for tool parameters such as `${tool.params.file_path}` and `${tool.params.command}`.
  - Evidence: The configuration examples in the `SKILL.md` (e.g., `"command": "npx claude-flow hook pre-edit --file '${tool.params.file_path}' ..."`) demonstrate this pattern, which is susceptible to command injection if inputs containing shell metacharacters are processed without sufficient sanitization.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `claude-flow` package from the NPM registry as a prerequisite.
  - Evidence: The documentation explicitly instructs the user to run `npm install -g claude-flow@alpha` to use the skill.
- [PROMPT_INJECTION]: The skill includes features for 'Neural Training' and 'Memory Coordination' that ingest untrusted data from the local environment, such as code edits, task descriptions, and search queries. This data is used to 'train' patterns and coordinate agents, creating a surface for indirect prompt injection.
  - Ingestion points: `pre-task` (descriptions), `pre-search` (queries), `post-edit` (file content), and `post-task` (decisions) serve as points where external content enters the agent's context.
  - Boundary markers: No explicit sanitization or boundary markers are shown in the provided command-line or configuration examples to prevent the agent from obeying instructions embedded in the processed data.
  - Capability inventory: The skill utilizes shell command execution via `npx`, automated file modifications (auto-formatting), and persistent memory storage through MCP tools.
  - Sanitization: The provided examples do not demonstrate sanitization or escaping of the interpolated tool parameters before they are passed to the shell.
Audit Metadata