hooks
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides templates for shell wrappers and TypeScript handlers that execute local code via npx tsx during agent operations.
- [PROMPT_INJECTION]: The hook architecture allows for injecting system reminders into the agent context, creating a surface for indirect prompt injection if the hooks process untrusted data from events like PreToolUse. 1. Ingestion points: Data is read from stdin and parsed as JSON in the TypeScript handler. 2. Boundary markers: No specific delimiters or safety instructions are included in the template to isolate hook-injected content. 3. Capability inventory: Hooks can block tool use or inject messages that influence agent behavior. 4. Sanitization: The provided template does not include input validation or output escaping.
Audit Metadata