install-precommit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses Bash to modify .git/hooks and apply executable permissions (chmod +x), which is a classic vector for persistence and local code execution.
- [DYNAMIC_EXECUTION] (HIGH): The skill promotes the file .claude/hooks/pre-commit-review.sh to a git hook. If an attacker provides a malicious version of this file in a repository, the skill will execute it with the user's privileges.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain:
  1. Ingestion point: .claude/hooks/pre-commit-review.sh
  2. Boundary markers: None
  3. Capability inventory: Bash (chmod, cp, ln), Write
  4. Sanitization: None

  The skill has the capability to execute untrusted scripts found in the local file system.
Recommendations
- AI detected serious security threats
Audit Metadata