session-handoff
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates the ingestion of untrusted data through its handoff mechanism.
  1. Ingestion points: The references/load.md file defines the workflow for reading session snapshots from .artifacts/.session-handoff.md into the active context.
  2. Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for the loaded data.
  3. Capability inventory: The agent possesses standard tool capabilities (e.g., shell access, file writes) that could be exploited if malicious instructions are loaded into the conversation context.
  4. Sanitization: There is no validation or sanitization of the snapshot content before it is processed by the agent.
- [SAFE]: Local Operation. The skill manages session state using a local file and does not request network access, perform external downloads, or access sensitive system paths like credentials or SSH keys.