save
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash command
kill -INT $CLAUDE_WRAPPER_PIDto end the session and calls/hub nextto update state based on conversation context. - [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by summarizing conversation history into
tmp/handoff.mdfor consumption by future agent sessions. - Ingestion points: Conversation history is read to create the handoff summary.
- Boundary markers: No markers or 'ignore' instructions are provided in the resulting handoff file to prevent future agents from obeying embedded instructions.
- Capability inventory: File system writing and local shell command execution.
- Sanitization: The skill does not perform sanitization or escaping of the conversation content before writing it to the handoff file.
Audit Metadata