handoff-coordinator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exhibits an indirect prompt injection surface because it reads progress summaries from local files like
claude-progress.txtto populate handoff packages. 1. Ingestion points:scripts/state_serializer.pyandscripts/context_bridge.pyingest content from text-based status files. 2. Boundary markers: Absent; the protocol transfers raw extracted text. 3. Capability inventory: Local file writing and subprocess execution for Git metadata. 4. Sanitization: Minimal; uses regex to parse specific markdown-like sections. This finding is downgraded to SAFE as the behavior is central to the skill's core functionality of context bridging. - [Command Execution] (SAFE): The skill uses
subprocess.runto call Git for metadata collection. Arguments are provided as a list with no shell interpolation, preventing command injection vulnerabilities.
Audit Metadata