ac-handoff-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill captures session context and next actions into a structured JSON package to be loaded by future sessions, creating a bridge for cross-session instruction injection.
- Ingestion points: Data is ingested from the current session's file modifications, decision logs, and progress summaries (SKILL.md).
- Boundary markers: No boundary markers or instructions to ignore embedded commands are specified for the 'context' or 'next_actions' JSON fields.
- Capability inventory: The skill references
scripts/handoff_creator.pyfor execution and integration with state-tracking tools. - Sanitization: There is no evidence of sanitization or validation of the text content placed into the handoff package.
Audit Metadata