handoff
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection by creating a persistent file ('HANDOFF.md') designed to influence the behavior and context of future agent sessions.\n- Ingestion points: The agent is instructed to read 'HANDOFF.md' at the start of new sessions to resume tasks (File: SKILL.md).\n- Boundary markers: The handoff template does not include delimiters or specific instructions to treat the ingested data as untrusted or to ignore any embedded commands.\n- Capability inventory: The skill is configured with 'Read', 'Write', and 'Bash' tools, which could be exploited if malicious instructions are injected into the handoff file (File: SKILL.md).\n- Sanitization: No content validation, sanitization, or integrity checks are performed on the data written to or read from the 'HANDOFF.md' file.
Audit Metadata