session-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill directs the agent to execute local Python scripts (e.g., create_handoff.py, validate_handoff.py) with user-supplied arguments like task slugs. While the provided scripts are benign, the execution of unprovided code with dynamic arguments is a minor concern.
- PROMPT_INJECTION (LOW): The skill contains an indirect prompt injection surface (Category 8) because the agent is instructed to read and adhere to instructions found in handoff documents. Evidence: 1. Ingestion points: .claude/handoffs/*.md files. 2. Boundary markers: Absent in instructions. 3. Capability inventory: Python script execution and file system access. 4. Sanitization: Not explicitly present in agent instructions.
- DATA_EXFILTRATION (SAFE): The skill accesses local project metadata and git history to document context. No network exfiltration or unauthorized data access patterns were identified, and the skill includes specific workflows for secret detection.
Audit Metadata