install-hooks
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
Bash(chmod:*)to grant execution permissions to scripts stored in the.claude/hooks/directory, enabling them to run on agent events. - [COMMAND_EXECUTION]: It leverages
Bash(jq:*)to programmatically updatesettings.json, allowing for the persistent registration of these hook scripts. - [PROMPT_INJECTION]: An indirect prompt injection surface exists through the use of
$ARGUMENTSto influence script installation and configuration. 1. Ingestion point:$ARGUMENTSin SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory:Write,Bash(chmod:*),Bash(jq:*)in SKILL.md. 4. Sanitization: Absent.
Audit Metadata