hooks
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The execution logic in
SKILL.mdcontains a shell command injection vulnerability. The variable$ACTION, which is derived from the user-supplied$ARGUMENTSenvironment variable, is used unquoted in a bash command:bash "$PLUGIN_DIR/scripts/manage-hooks.sh" $ACTION. An attacker can provide input containing shell metacharacters (e.g.,;,&&,|) to execute arbitrary commands on the host system. - [DATA_EXFILTRATION]: The skill accesses and modifies the agent's core configuration file at
~/.claude/settings.json. Access to sensitive configuration files like this is flagged as a data exposure concern. Modifying this file allows for persistent changes to the agent's environment and behavior, which could be used to bypass safety constraints or harvest sensitive session information and credentials stored in the platform settings.
Recommendations
- AI detected serious security threats
Audit Metadata