hook-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill serves as a security-enhancing utility for developers.
- Input Sanitization: Example scripts like `validate-bash.sh` and `validate-write.sh` demonstrate how to parse agent input via `jq` and apply regex checks to block destructive operations and path traversal.
- Secure Execution: The `scripts/test-hook.sh` utility implements defensive coding by validating file paths against shell-metacharacters and using positional parameters in `bash -c` calls to prevent command injection.
- Linter Enforcement: `scripts/hook-linter.sh` scans hook scripts for security pitfalls, including unquoted variables and hardcoded absolute paths.
- No Malicious Patterns: Analysis of the scripts and documentation found no evidence of data exfiltration, obfuscation, or unauthorized remote code execution.
Audit Metadata