latch
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to propose, configure, and debug Claude Code hooks, which execute shell scripts or prompt-based logic at specific lifecycle events. This involves modifying the user's
settings.jsonand creating executable script files on the local filesystem. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes project-specific data (such as existing hooks and configuration files) to inform the design of new automation. Malicious instructions in these files could influence the resulting hook logic or configuration. \n
- Ingestion points: Reads current hook status via
/hooksand project configuration fromsettings.jsonandCLAUDE.md. \n - Boundary markers: Uses standard markdown and JSON formatting; no adversarial boundary enforcement for untrusted data is documented. \n
- Capability inventory: The skill has the capability to modify system-level configuration files and create shell scripts that execute automatically. \n
- Sanitization: No explicit sanitization or logic verification routines are defined for data sourced from the local project environment.
- [SAFE]: The skill implements best practices for safety by including a dedicated guide for 'Secret Leak Prevention' and 'Bash Command Safety Validation'. It also explicitly warns the user about the risks of using hooks from untrusted repositories.
Audit Metadata