Security: No size limit on hook stdin payload (DoS)

## Summary

The hook handler reads the entire stdin payload without any size limit:

```go
data, err := io.ReadAll(os.Stdin)
```

A malicious or buggy Claude Code extension could send an extremely large payload, causing excessive memory allocation.

## Location
- `cmd/agent-deck/hook_handler.go`, line 81

## Severity
**Medium** — Denial of service via memory exhaustion.

## Suggested Fix
Use `io.LimitReader` to cap input size:
```go
const maxHookPayloadSize = 1 << 20 // 1 MB
data, err := io.ReadAll(io.LimitReader(os.Stdin, maxHookPayloadSize))
```

Found during security audit.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: No size limit on hook stdin payload (DoS) #406

Summary

Location

Severity

Suggested Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: No size limit on hook stdin payload (DoS) #406

Description

Summary

Location

Severity

Suggested Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions