handoff

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The skill contains instructional text intended to guide the agent through a handoff process. It does not contain bypass markers, jailbreak attempts, or instructions to ignore safety protocols. The instructions for the 'receiving' agent are clearly delineated as part of the intended workflow.
  • [Indirect Prompt Injection] (LOW): The skill is designed to pass instructions to a subsequent agent session ('Instructions for You' section). This establishes a communication channel between sessions, which is a potential surface for indirect injection if the source context contains malicious data.
    • Ingestion points: The briefing content delivered via the send_dev_message tool.
    • Boundary markers: None explicitly enforced; the briefing uses standard Markdown headers.
    • Capability inventory: The skill uses create_dev_session and send_dev_message to manage process lifecycle.
    • Sanitization: None; the skill relies on the agent to synthesize knowledge accurately.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive system paths (e.g., SSH keys), or suspicious network requests to external domains were found.
  • [Command Execution] (SAFE): The skill references tmux attach, which is a standard command for users to interact with terminal sessions. No automated execution of arbitrary or elevated commands was detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:48 PM