audit-hooks
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the Bash tool to navigate the file system and identify hook sources in local and global directories.
- [COMMAND_EXECUTION]: Employs the Task tool to orchestrate sub-agents (hook-auditor and audit-finding-validator), which perform the analysis and result validation.
- [PROMPT_INJECTION]: Presents an indirect prompt injection surface. The skill reads hook scripts and JSON hook configurations, which are external, potentially untrusted inputs, and passes their content to sub-agents for analysis.
- Ingestion points: Processes files from .claude/hooks/, ~/.claude/plugins/, and, on Windows, %USERPROFILE%\.claude\plugins.
- Boundary markers: No specific delimiters or ignore instructions are defined for the sub-agents when processing hook content.
- Capability inventory: The skill and its sub-agents have access to file reading, shell execution (Bash), and tool orchestration (Task).
- Sanitization: No explicit sanitization of hook script content before processing is documented.
Audit Metadata