session-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill demonstrates strong security awareness. It explicitly instructs users and the AI agent not to include sensitive data like API keys, passwords, or tokens in handoff files. The `validate_handoff.py` script and the `references/handoff-template.md` emphasize secret detection and removal as a mandatory step before finalizing documents.
- [Command Execution] (LOW): The skill utilizes several local Python scripts (`create_handoff.py`, `validate_handoff.py`, `list_handoffs.py`, `check_staleness.py`) to automate tasks. These are standard utility scripts used for local project management. The commands observed in `SKILL.md` use static script paths and well-defined arguments, presenting minimal risk of command injection.
- [Prompt Injection] (SAFE): No evidence of malicious prompt injection, behavioral overrides, or safety bypasses. The 'important context' and 'ignore' instructions are used legitimately within the context of managing session handoffs.
- [Unverifiable Dependencies] (SAFE): The provided scripts appear to use standard Python libraries (like `os`, `re`, `sys`, `pathlib`). No external package installations or remote script executions (e.g., curl|bash) were found in the analyzed files.
- [Persistence Mechanisms] (SAFE): The skill stores state information in a project-local directory (`.claude/handoffs/`). It does not attempt to modify shell profiles, system services, or registry keys for persistence.
- [Indirect Prompt Injection] (LOW): While the skill processes handoff files which could theoretically contain instructions, it includes a robust validation step and a resume checklist that encourages human-in-the-loop verification of the context before proceeding.