building-hooks
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides multiple Bash and JavaScript examples that execute system commands for building, formatting, and linting code (e.g.,
npm,cargo,go,npx). These are found inSKILL.mdandresources/hook-examples.md. - [PROMPT_INJECTION]: The skill demonstrates 'Context Injection' and 'Skill Activation' patterns (specifically
Example 4inresources/hook-examples.md) that interpolate user input into the agent's prompt context, creating a surface for indirect prompt injection. - Ingestion points:
resources/hook-examples.mdcontains a scriptskill-activator.jsthat reads the user prompt from standard input. - Boundary markers: The injected context uses visual headers (e.g., '🎯 SKILL ACTIVATION CHECK') but lacks strict delimiters or warnings to ignore embedded instructions.
- Capability inventory: The hook patterns demonstrate the ability to execute shell commands, write to the filesystem, and send system notifications.
- Sanitization: The examples show limited sanitization of user-provided text before it is used for pattern matching or prompt interpolation.
- [COMMAND_EXECUTION]: The 'User Notification' pattern in
resources/hook-patterns.mdexecutes platform-specific commands such asosascripton macOS andnotify-sendon Linux. - [COMMAND_EXECUTION]: The 'Graceful Degradation' pattern in
resources/hook-patterns.mdutilizes theevalcommand in Bash to execute arbitrary strings passed as command arguments.
Audit Metadata