hooks-explainer
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's YAML frontmatter includes deceptive metadata fields: `verified: true` and `trust_score: 100`. These self-reported claims are designed to mislead users or automated systems into assuming the skill has undergone external validation.
- [PROMPT_INJECTION]: The skill implements a 'Memory Protocol' representing an indirect prompt injection surface. Evidence chain: (1) Ingestion points: Reads `.claude/context/memory/learnings.md` and `decisions.md` (SKILL.md); (2) Boundary markers: Absent - no delimiters or warnings to ignore instructions in ingested data; (3) Capability inventory: Executes Node.js scripts and shell searches (SKILL.md, scripts/main.cjs); (4) Sanitization: Absent - no validation or filtering of memory file content before processing.
- [COMMAND_EXECUTION]: The skill executes its own internal Node.js script (`scripts/main.cjs`) and performs shell-based code searches using `ripgrep` and `pnpm`. These execution patterns provide a vector for arbitrary command execution if the agent is manipulated into processing malicious inputs through these tools.
Audit Metadata