memo-hooks
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a modular architecture of shell scripts and Python helpers to manage local state and configurations. This includes `install.sh` for setup, `hook-config.sh` for JSON management, and `settings-mutator.sh` for modifying Claude's internal `settings.json` file. All operations are confined to the local project and the user's home directory.
- [PROMPT_INJECTION]: The `context-monitor.sh` script is designed to steer agent behavior by injecting instructions into the prompt context when token thresholds are exceeded. For instance, in 'auto-handoff' mode, it provides instructions such as "Stop current work. Call the /handoff skill..." While this technically overrides agent autonomy, it is the primary intended functionality of the skill and is implemented through documented platform mechanisms (the `additionalContext` envelope).
- [EXTERNAL_DOWNLOADS]: The skill documentation refers to the `gum` tool (from Charm Bracelet) to provide an interactive TUI for hook management. This is a well-known and reputable third-party utility, and the skill does not attempt to download or execute it automatically.
Audit Metadata