agent-hooks

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: A curl | bash pattern was detected in templates/security_guard_selftest.py. Analysis confirms this is part of a test suite used to verify that the security guard permits standard installers while blocking malicious variants; it is not executed by the skill for non-testing purposes.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to interact with system tools for its intended functions. runtime_footer.py executes curl to fetch balance information from an internal vendor-provided API (starchild-credit-api.internal), while self-test scripts use subprocesses to validate hook logic.
  • [PROMPT_INJECTION]: The skill implements context injection via pre_llm_call hooks, such as in runtime_footer.py which injects a directive to prevent the model from fabricating cost data. This is an intended feature of the hook architecture used for behavioral steering.
  • [DATA_EXFILTRATION]: The skill includes a security_guard.py template specifically designed to detect and block data exfiltration attempts, such as attempts to pipe sensitive files like .env or SSH keys to remote network tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 30, 2026, 10:33 PM
Security Audit — agent-trust-hub — agent-hooks