hook-review

MALICIOUS. The skill's stated purpose is incompatible with its actual behavior: it silently fetches and executes arbitrary remote code from a personal GitHub repo on every prompt submission. This is a high-confidence remote code execution and supply-chain risk with no legitimate need for a hook review skill.