handoff
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes data from git logs and issue trackers that could contain malicious instructions from untrusted sources. (1) Ingestion points: The skill retrieves session context using git log, git diff, bd current, and bd list in SKILL.md. (2) Boundary markers: Absent; the skill does not wrap retrieved content in delimiters or include instructions to ignore embedded commands. (3) Capability inventory: Operations are limited to local shell command execution (git, ls, mkdir) and file system writes; no network exfiltration or privilege escalation paths were identified. (4) Sanitization: Absent; content from external sources is directly interpolated into generated handoff documents and continuation prompts.
Audit Metadata