hooks-development
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The hook templates provided in references/hook-templates.md, references/visibility-patterns.md, and references/lifecycle-reference.md utilize the 'eval' command to perform path expansion on variables extracted directly from tool input (e.g., ABSOLUTE_PATH=$(eval echo "$FILE_PATH")). This pattern allows for shell command injection if an attacker influences the file names or tool inputs processed by the hook script.
- [REMOTE_CODE_EXECUTION]: The unsafe execution of 'eval' on unvalidated strings facilitates arbitrary command execution within the environment where the hook is invoked.
- [PROMPT_INJECTION]: The skill ingests untrusted data from tool inputs and interpolates it into the 'reason' field of responses returned to the agent, creating a risk of indirect prompt injection. Ingestion points: Hook scripts parse payload from stdin via 'cat' in references/hook-templates.md. Boundary markers: Absent. Capability inventory: Bash, eval, jq, and grep. Sanitization: Absent for the data interpolated into the agent's feedback reasons.
Audit Metadata