hooks-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely documentary, providing users with recipes and working examples for the Claude Code hook system. All code and configuration snippets represent intended platform functionality.
- [COMMAND_EXECUTION]: Documents the standard use of shell commands and local script execution within the hook lifecycle (e.g., running linters or security checks on code changes). The examples use localized paths or environment variables like
${CLAUDE_PLUGIN_ROOT}. - [PROMPT_INJECTION]: Provides instructional templates for "Prompt-Based Hooks" that utilize LLMs for task verification and completion detection. These patterns are designed for internal logic and do not contain attempts to bypass agent safety protocols or instructions to ignore constraints.
- [DATA_EXFILTRATION]: Includes examples of scripts reading tool inputs and environment variables from standard input for local validation purposes. No network operations or external data transmission patterns were identified.
Audit Metadata