hook-authoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation (SKILL.md and modules/hook-types.md) explicitly documents "HTTP Hooks (Claude Code 2.1.63+)" which POSTs hook input to arbitrary URLs (e.g., "https://my-service.example.com/hooks/validate-bash") and consumes the returned JSON (including decisions, additionalContext, or updatedInput) that the agent uses to alter tool inputs and permission decisions, exposing it to untrusted third-party responses that could inject instructions.