session-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process data from previous interactions, which creates a vulnerability if those interactions contained malicious instructions from untrusted sources (e.g., processed files or web content).
  - Ingestion points: Context is ingested through the `<session-continuity>` tag and the `memory_sessions` tool calls.
  - Boundary markers: The skill uses XML-style delimiters (`<session-continuity>`) to isolate session data, which helps the model distinguish context from instructions but is not a complete mitigation.
  - Capability inventory: The skill primarily uses memory retrieval tools (`memory_sessions`, `memory_query`). It does not contain scripts for arbitrary command execution or network requests.
  - Sanitization: The skill does not define specific sanitization routines for the data retrieved from memory or session files.