hook-development-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool in Phase 3 (TEST) to execute generated Python scripts. It runs commands like 'time python3 hooks/{name}.py' to enforce a 50ms performance gate and 'echo {} | python3 hooks/{name}.py' to verify non-blocking behavior.
- [REMOTE_CODE_EXECUTION]: The skill implements a 'Write-then-Execute' pattern. It dispatches code generation to a sub-agent (hook-development-engineer) and then executes the resulting Python file locally using Bash. This allows for the execution of arbitrary code if the generating agent or its inputs are compromised.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the SPEC phase.
  - Ingestion points: Reads hook requirements from ADR sessions using 'python3 scripts/adr-query.py'.
  - Boundary markers: Absent; external requirements are incorporated directly into the spec and subsequent code generation.
  - Capability inventory: Shell execution (Bash) and configuration modification (Edit/Write).
  - Sanitization: None; data from the ADR session is not sanitized before being used to define the hook's behavior.
- [DATA_EXPOSURE]: The skill accesses and modifies sensitive configuration files located at '.claude/settings.json' and the user-level '~/.claude/settings.json' to register new hooks.
- [PERSISTENCE]: By updating the 'settings.json' file, the skill establishes persistent automated behaviors that will run in all future agent sessions whenever the specified event triggers occur.
Audit Metadata