handoff
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard git commands (git branch, git status, git diff --stat, git log, git stash) to gather metadata about the current workspace state. These operations are limited to read-only status checks and do not modify the repository.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection through its context-gathering layers.
  - Ingestion points: The skill reads data from the current conversation history (Layer 2) and searches for project artifacts in .omc/specs/ and .omc/plans/ (Layer 4).
  - Boundary markers: The final output is wrapped in a markdown fenced code block, which provides a structural boundary for the next session's agent.
  - Capability inventory: The skill has access to Bash(git *), Read, Glob, and Grep tools.
  - Sanitization: There is no explicit sanitization or filtering of instructions found within the processed artifacts or conversation history before they are summarized into the handoff prompt.
- [DATA_EXFILTRATION]: While the skill accesses sensitive git metadata and file contents, it does not perform any network operations or include external URLs. The output is presented directly to the user in the terminal for manual copying.
Audit Metadata