creating-handoffs

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes local Python scripts (e.g., list_handoffs.py, create_handoff.py) for session management. While the provided script is safe, the workflow involves shell execution with user-influenced parameters like task slugs.
  • [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8) because the RESUME workflow directs the agent to read and adopt the context and 'Immediate Next Steps' from markdown files stored in the project's .claude/handoffs/ directory. Evidence Chain:
      1. Ingestion points: .claude/handoffs/*.md files (Step 3 of RESUME Workflow).
      2. Boundary markers: Absent; the agent is told to read the document 'completely'.
      3. Capability inventory: Local Python script execution, file system access, and standard agent tools.
      4. Sanitization: Absent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:36 PM