hook-development
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several bash utility scripts (scripts/validate-hook-schema.sh, scripts/test-hook.sh, scripts/hook-linter.sh) and example hooks (examples/validate-bash.sh, examples/validate-write.sh) that execute shell commands. These are designed to validate configurations, lint code for security best practices, and test hook scripts locally during development.
- [INDIRECT_PROMPT_INJECTION]: The skill documentation describes how to implement prompt-based hooks that process data from tool inputs ($TOOL_INPUT) and results ($TOOL_RESULT). This creates an inherent surface for indirect prompt injection, which users must manage through robust prompt engineering.
- Ingestion points: SKILL.md and references/patterns.md demonstrate how external data from tool calls is interpolated into natural language prompts for evaluation.
- Boundary markers: The provided examples show direct interpolation of variables without explicit delimiters, though the guidance emphasizes context-aware validation.
- Capability inventory: The skill includes examples of hooks that can approve, deny, or modify tool calls (PreToolUse) and block agent completion (Stop).
- Sanitization: The scripts/hook-linter.sh utility specifically checks for shell variable quoting and other safety measures to prevent injection vulnerabilities in the hook scripts themselves.
Audit Metadata