tool-guard
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and wires shell (.sh), PowerShell (.ps1), and TypeScript (.ts) scripts to act as pre-execution hooks that intercept and validate agent terminal commands.
- [COMMAND_EXECUTION]: Uses the chmod +x command to grant execution permissions to the generated shell scripts on the host system.
- [COMMAND_EXECUTION]: Modifies repository configuration files, such as .claude/settings.json and .github/hooks/tool-guard.json, to register these scripts for automated execution during agent activity.
- [PROMPT_INJECTION]: Creates a surface for indirect prompt injection where a repository's policy.json file can include instructions within the 'reason' fields. These strings are returned to the agent context when a command is blocked or triggers a warning, potentially influencing the agent's behavior.
  - Ingestion points: hooks/tool-guard/policy.json (read by hooks at runtime).
  - Boundary markers: Absent; the reason string is interpolated directly into the platform's JSON response to the agent.
  - Capability inventory: Terminal command monitoring and blocking capabilities across multiple platforms.
  - Sanitization: None; feedback messages are passed to the agent as raw strings.
Audit Metadata