hammertime
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as prompt injection for safety bypass, data exfiltration, or unauthorized remote code execution were detected.
- [COMMAND_EXECUTION]: The skill includes Python scripts (
scripts/create-timer.py,scripts/status.py) used to manage the rule database. These scripts perform legitimate file operations within the user's local directory (~/.claude/hammertime/) to store state and configuration. - [DATA_EXFILTRATION]: The skill uses a scoring engine that may involve a verification call to an LLM (Haiku) to judge ambiguous rule violations. This is a standard functional requirement for the guardrail system and does not involve exfiltrating sensitive credentials or personal data to unauthorized third parties.
- [PROMPT_INJECTION]: The skill's primary function is to inject instructions into the agent's context when a behavioral violation is detected (block messages). These are intended as user-controlled guardrails to enforce quality and task completion, rather than adversarial injections meant to subvert the agent's core safety protocols.
Audit Metadata