hooks-permission-request-hook
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the
!syntax) to execute local commands likefindandjqat load time. These operations are limited to identifying project files (e.g.,package-lock.json,Cargo.toml) and existing configurations to tailor the generated scripts to the project's environment. - [COMMAND_EXECUTION]: The skill generates shell scripts (
permission-request.shandtest-permission-hook.sh) and useschmod +xto make them executable. This behavior is consistent with the skill's stated purpose of providing a custom permission management system. - [SAFE]: The generated hook script contains proactive security logic, specifically including rules to block common attack vectors such as piped network execution (
curl | bash), insecure file permissions (chmod 777), and destructive operations on root or home directories.
Audit Metadata