The Agent Skills Directory

Local Development Tooling: The scripts in scripts/ (e.g., test-hook.sh and hook-linter.sh) facilitate the local execution and validation of hook scripts. These utilities are standard for developer workflows and help ensure that automations follow best practices for safety and error handling.
Defensive Hook Implementation: Example scripts such as examples/validate-bash.sh and examples/validate-write.sh demonstrate how to implement security filters. These patterns are designed to block dangerous operations like destructive shell commands or unauthorized access to system directories and sensitive files.
Sensitive Data Handling: The skill provides specific guidance in references/patterns.md for identifying and protecting credentials, tokens, and environment files, which helps prevent accidental data exposure during automated tool use.
Prompt-Based Security Filtering: By advocating for prompt-based hooks in SKILL.md, the skill enables context-aware validation of tool calls. This approach allows the agent to evaluate the intent of a request rather than relying solely on string matching, improving the detection of sophisticated threats.
Indirect Prompt Injection Surface: The skill defines how hooks process external data from tools and users. Ingestion points are the hook event listeners described in SKILL.md; boundary markers are recommended via prompt instructions; capabilities include filesystem and shell access; and sanitization is promoted through the use of jq for structured parsing and LLM reasoning for intent analysis.

hook-development