hooks-setup
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill's primary function is to set up persistent 'hooks' within the agent's environment ('.claude/settings.json'). These hooks are designed to automatically execute shell commands (e.g., 'npx prettier', 'ruff', 'pytest', 'gofmt') triggered by agent events like file modifications or session completion.
- EXTERNAL_DOWNLOADS (LOW): The provided recipes (e.g., 'post-edit-lint.yaml', 'post-edit-test.yaml') use 'npx' to run development tools. If the requested tool is not found in the local environment, 'npx' can download and execute packages from the public npm registry at runtime.
- INDIRECT PROMPT INJECTION (LOW): Several scripts ingest untrusted data from the agent's internal tool communication channel.
  - Ingestion points: Scripts such as 'recipes/pre-bash-guard.yaml' and 'recipes/post-edit-lint.yaml' read JSON-formatted tool inputs from 'stdin' using 'jq'.
  - Boundary markers: Absent. The scripts process raw tool input without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill facilitates the execution of various system binaries and package-based tools ('npx', 'ruff', 'pytest', 'biome', 'eslint', 'black', 'rubocop', 'gofmt', 'rustfmt').
  - Sanitization: Scripts use basic shell quoting ('"$FILE_PATH"') and 'jq' for extraction, which prevents simple word-splitting but does not validate the content or source of the input against a strict security policy.
- DYNAMIC EXECUTION (LOW): The skill generates shell scripts from 'script_template' fields in YAML recipes and configures the agent to execute them. This script generation is handled through the interpolation of templates into the filesystem.