KR-HK-010: Secrets in Hook Command - Kiro Hooks

Summary

• Rule ID: KR-HK-010
• Severity: HIGH
• Category: Kiro Hooks
• Normative Level: MUST
• Auto-Fix: No
• Verified On: 2026-03-06

Applicability

• Tool: kiro
• Version Range: unspecified
• Spec Revision: unspecified

Evidence Sources

• https://kiro.dev/docs/hooks

Test Coverage Metadata

• Unit tests: true
• Fixture tests: true
• E2E tests: false

Examples

The following examples demonstrate what triggers this rule and how to fix it.

Invalid

{"event": "promptSubmit", "runCommand": "curl -H 'Authorization: Bearer sk-live-secret123'"}

Valid

{"event": "promptSubmit", "runCommand": "echo $API_KEY"}