hooks-check
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local hook scripts identified in '.claude/settings.json' to verify their output format. This pattern allows for the execution of arbitrary local commands if the configuration file contains untrusted paths or malicious content.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to create new scripts and change file permissions using chmod, which facilitates the creation and activation of persistence mechanisms that run automatically during Claude's lifecycle events.
- [COMMAND_EXECUTION]: Indirect Prompt Injection Surface (Category 8):
- Ingestion point: Reads hook configurations from the user-controlled file '.claude/settings.json'.
- Boundary markers: None; the agent is not instructed to ignore embedded instructions or validate the configuration content.
- Capability inventory: Script execution, file writing, and permission modification.
- Sanitization: No validation or escaping of the script content or paths is performed before execution or permission changes.
Audit Metadata