agent-hooks
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: A `curl | bash` pattern was detected in `templates/security_guard_selftest.py`. Analysis confirms this is part of a test suite used to verify that the security guard permits standard installers while blocking malicious variants; it is not executed by the skill for non-testing purposes.
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` to interact with system tools for its intended functions. `runtime_footer.py` executes `curl` to fetch balance information from an internal vendor-provided API (`starchild-credit-api.internal`), while self-test scripts use subprocesses to validate hook logic.
- [PROMPT_INJECTION]: The skill implements context injection via `pre_llm_call` hooks, such as in `runtime_footer.py`, which injects a directive to prevent the model from fabricating cost data. This is an intended feature of the hook architecture used for behavioral steering.
- [DATA_EXFILTRATION]: The skill includes a `security_guard.py` template specifically designed to detect and block data exfiltration attempts, such as attempts to pipe sensitive files like `.env` or SSH keys to remote network tools.