fix(hooks): resolve security eval and session-start output schema#117
Open
googlarz wants to merge 4 commits into addyosmani:main from
Fast-forward merged 8 upstream commits (a11y + performance checklist improvements). Added fork note linking to the 3 open PRs. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a production-grade calendar and task management skill for Claude Code. Features:
- Rich context-aware Google Calendar entries with transcript links
- Detects scheduling conflicts before committing
- Respects work hours and user preferences via pattern matching
- Manages local task lists without external dependencies
- Optional prep blocks before meetings (user-confirmed per event)
- Supports recurring events with RRULE
- Bulk reschedule for schedule adjustments
Python implementation (calendar.py, tasks.py) handles OAuth setup, Google Calendar API integration, and local task storage. Comprehensive documentation includes:
- SKILL.md: Complete workflow reference and command documentation
- README.md: User guide with practical examples and troubleshooting
- INTEGRATION.md: Step-by-step guide for adding to agent-skills fork
- preferences.json: Event-type pattern matching configuration
No maintenance commitment; contributions welcome.
- simplify-ignore-test.sh: replace eval "$(sed...)" with source (fixes addyosmani#106 critical finding — eval of extracted file content is an injection vector if simplify-ignore.sh is ever modified maliciously)
- simplify-ignore.sh: add BASH_SOURCE guard so sourcing only loads function definitions; use ${CACHE:-...} so callers can override
- session-start.sh: switch from undocumented {priority,message} JSON to plain text stdout — the only reliable output path for plugin SessionStart hooks (hookSpecificOutput.additionalContext is dropped by CC bug #16538; {priority,message} fields are silently ignored)
Fixes addyosmani#106, addyosmani#110
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Summary
Fixes two issues surfaced in #106 and #110.
Fix #106 — eval injection vector in simplify-ignore-test.sh (Critical)
`eval "$(sed -n '/^filter_file()/,/^}/p' hooks/simplify-ignore.sh)"` extracted and eval'd a function at test-runner startup. Any future modification to `simplify-ignore.sh` that placed malicious content in or near `filter_file` would execute without review, since test runners are read with low suspicion.

Fix: restructured `simplify-ignore.sh` so it is safe to source:
- Function definitions (`hash_cmd`, `file_id`, `block_hash`, `escape_glob`, `filter_file`) come first
- `BASH_SOURCE` guard immediately follows — sourcing stops here, so no jq check, no `INPUT=$(cat)`, no stdin blocking
- `CACHE` uses `${CACHE:-...}` so callers (e.g. tests) can override via an exported variable
- `simplify-ignore-test.sh` now sources the file with `. hooks/simplify-ignore.sh` — clean, no eval.

All 21 tests pass.
Fix #110 — session-start.sh uses undocumented JSON output schema
`{"priority": "IMPORTANT", "message": "..."}` uses fields that don't exist in the Claude Code hook schema. When CC receives JSON starting with `{` but with unrecognized fields, it silently ignores them — the meta-skill content was never injected.

Claude Code docs define two valid SessionStart output shapes:
1. Plain text stdout
2. `{"hookSpecificOutput": {"additionalContext": "..."}}` — correct structured schema, but broken for plugin-registered hooks (CC bug #16538 silently drops plugin SessionStart `additionalContext`)

Fix: switch to plain text stdout (shape 1), which works reliably for both native and plugin hooks.

`jq` dependency removed.

Test plan
- `bash hooks/simplify-ignore-test.sh` — 21/21 pass
- `bash hooks/session-start.sh` — outputs plain text with meta-skill content

Fixes #106, #110
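As an added example (not code from this PR or the repository), a minimal hook script laid out the way the description recommends: function definitions first, a `BASH_SOURCE` guard, then the stdin-reading body with a `${CACHE:-...}` override. The file name `demo-hook.sh` and the `filter_line` function are assumptions; the script is generated into a temp dir so the check runs stand-alone.

```shell
# Added example, not the PR's code. Generates a hook script following the
# pattern from the description (definitions first, BASH_SOURCE guard, CACHE
# override) and exercises it both ways. demo-hook.sh / filter_line are assumed.
set -eu

DEMO_DIR=$(mktemp -d)
HOOK="$DEMO_DIR/demo-hook.sh"

cat > "$HOOK" <<'EOF'
#!/usr/bin/env bash
# 1. Function definitions first: the only thing a sourcing caller should load.
filter_line() {
  # Placeholder filter: drop any line mentioning a cached block.
  case "$1" in
    *cached*) return 1 ;;
    *) printf '%s\n' "$1" ;;
  esac
}
# 2. Guard: when sourced, BASH_SOURCE[0] differs from $0, so stop here.
#    Nothing below (dependency checks, stdin read) runs for the caller.
[[ "${BASH_SOURCE[0]}" != "$0" ]] && return 0
# 3. Hook body: runs only when executed. CACHE can be overridden via env.
CACHE="${CACHE:-${HOME:-/tmp}/.cache/demo-hook}"
mkdir -p "$CACHE"
INPUT=$(cat)                    # hook payload arrives on stdin
filter_line "$INPUT" || printf 'filtered\n'
EOF

# Sourcing the script: stdin is offered but must not be consumed, and the
# function must be defined. Prints "loaded" only (no "filtered").
source_only() {
  printf 'a cached block\n' |
    bash -c '. "$1"; declare -F filter_line >/dev/null && echo loaded' _ "$HOOK"
}

# Executing the script as a hook: body runs, CACHE override is honoured.
run_hook() {
  printf '%s\n' "$1" | CACHE="$DEMO_DIR/cache" bash "$HOOK"
}

# True once run_hook has created the overridden cache directory.
cache_override_used() {
  [ -d "$DEMO_DIR/cache" ]
}
```

If the guard were missing, `source_only` would print "filtered" before "loaded", because the sourced body would swallow the caller's stdin exactly as the description warns.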