hook-creator

The documentation defines a powerful hook system that intentionally permits arbitrary shell execution and transmission of hook context to external LLMs. The documentation itself is benign, but the mechanisms it defines enable high-impact abuses (data exfiltration, credential theft, filesystem destruction, covert persistence) if hook configurations or plugin hooks are malicious or misconfigured. Operators must treat hook configurations and plugin-provided hooks as high-risk supply-chain components and apply strict review, isolation, and least-privilege controls before enabling them.