setup-chess-timer-hooks
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through the use of context-aware hooks.
- Ingestion points: Untrusted data enters the agent context via user conversation prompts (keywords like 'implement' or 'fix') and the bash output from 'git commit' commands.
- Boundary markers: No explicit boundary markers or delimiters are defined to isolate the untrusted input from the resulting instructional prompts.
- Capability inventory: The hooks instruct the agent to execute specific MCP tools including 'get_active_session', 'start_work_session', and 'complete_work_session'.
- Sanitization: There is no evidence of sanitization or filtering applied to the triggering inputs before they influence agent behavior.
- [DATA_EXFILTRATION]: The skill performs file system operations by writing rule configurations to the '~/.claude/' directory during the installation process. This is a local configuration path used to persist the skill's functionality across sessions.
Audit Metadata