handoff
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands including `git branch`, `git status`, `git diff`, `git log`, and `ls` to gather project context and list handoff files. These operations are limited to the local repository.
- [DATA_EXPOSURE]: The skill accesses project-level metadata (git history and status) to generate summaries. It explicitly warns against including sensitive information like API keys in the generated documents.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface as it reads previously created markdown files from the `docs/handoff/` directory to resume work.
  - Ingestion points: Files located in `docs/handoff/` are read during the 'Resume' workflow.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Local file system write access and execution of standard git commands.
  - Sanitization: No explicit sanitization of file content is mentioned before the agent processes the retrieved text.