hook-template

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates the creation of shell scripts in the .claude/hooks/ directory and explicitly instructs the agent to grant execution permissions using chmod +x.
  • [COMMAND_EXECUTION]: These scripts are registered in settings.json to be triggered automatically by various agent events, such as SessionStart, PreToolUse, and Stop, creating a persistence mechanism within the project context.
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is dynamic script generation. If the input requirements ('purpose' or 'requirements') are sourced from an untrusted document or user, it could lead to the deployment of arbitrary malicious code that executes silently in the background.
  • [DATA_EXFILTRATION]: Hook scripts receive detailed session metadata, including transcript paths and tool inputs, via standard input (stdin). A maliciously crafted hook could easily transmit this sensitive information to an external server.
  • [REMOTE_CODE_EXECUTION]: Evidence of attack surface for indirect injection: (1) Ingestion points: 'purpose' and 'hook-type' arguments in SKILL.md. (2) Boundary markers: None provided. (3) Capability inventory: Script creation, chmod +x, and automated execution via platform settings. (4) Sanitization: No sanitization of user-provided requirements before interpolation into script templates.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 25, 2026, 01:14 PM