The Agent Skills Directory

Prompt Injection (SAFE): No prompt injection or behavior override patterns were detected. The instructions are focused on functional development and security auditing.\n- Data Exposure & Exfiltration (SAFE): The skill includes a dedicated 'Block Sensitive Files' hook template specifically designed to prevent access to environment secrets, private keys, and git internals. No patterns for exfiltrating data to external domains were found.\n- Remote Code Execution (SAFE): The templates use standard local utilities such as git, prettier, black, and eslint. No remote code execution patterns, such as piping curl to bash, are present.\n- Command Execution (SAFE): While the skill facilitates the execution of shell commands (its primary purpose), the documentation provides robust safety measures, including the use of absolute paths, quoting variables, and checking for tool existence.\n- Persistence Mechanisms (SAFE): Logging of command history to the home directory is included for auditing purposes, which is a standard and transparent practice in this context and does not constitute a malicious persistence vector.\n- Indirect Prompt Injection (SAFE): The skill demonstrates processing tool inputs, but provides comprehensive guidance on path sanitization and boundary checks to prevent malicious data from influencing the agent's logic.

claude-hook-writer