handoff
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to execute git commands (status, diff, commit), GitHub CLI (gh run list), and project build scripts (npm run build). While these are standard for development workflows, they involve executing scripts defined within the repository.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface identified. The skill's logic depends on the content of external files such as Plans.md and code review reports to generate handoff documentation and determine if a commit should proceed.
- Ingestion points: The skill reads
Plans.md,.claude/state/session.json, and external review results fromharness-review. - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are used when processing the content of these files.
- Capability inventory: The skill has high-privilege access including
Bash(command execution),Write, andEdit(filesystem modification). - Sanitization: There is no evidence of sanitization or validation of the text read from
Plans.mdbefore it is incorporated into reports or used to drive workflow transitions.
Audit Metadata