Skills
skills/redpanda77/skills/claude-code-hooks/Gen Agent Trust Hub

claude-code-hooks

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes several shell scripts (e.g., scripts/run-formatters.sh, scripts/block-dangerous-bash.sh) and Python scripts for hook validation and workflow automation. These are standard developer utilities intended to be used as hook handlers for local automation tasks.
  • [EXTERNAL_DOWNLOADS]: The script scripts/run-formatters.sh utilizes npx to execute the prettier formatter. This may trigger a download of the prettier package from the official npm registry if it is not already present on the system. Prettier is a well-known and trusted technology tool.
  • [DATA_EXFILTRATION]: The skill includes a logging script scripts/log-hook-payload.sh that writes hook input data to a local file in the temporary directory (/tmp) for debugging purposes. This is a local operation intended for developer auditing and does not involve network exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: The provided hook handler scripts ingestion points for data from the agent's environment (e.g., tool names and inputs). The scripts demonstrate best practices by using jq for structured extraction of untrusted data before processing it with external tools like formatters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 07:05 AM
Security Audit — agent-trust-hub — claude-code-hooks