handoff
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions suggest that the agent execute the system command `mktemp -t handoff-XXXXXX.md` to determine a storage path for the generated handoff document.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and summarize untrusted data from the current conversation history.
  - Ingestion points: The agent processes the entire current conversation history and user-provided arguments within `SKILL.md`.
  - Boundary markers: Absent; the instructions do not require the use of delimiters or specific directives to ignore instructions that might be embedded in the conversation being summarized.
  - Capability inventory: The agent is instructed to perform file system writes and execute shell commands (`mktemp`) based on the summarized context.
  - Sanitization: None; the skill provides no guidance on validating, escaping, or filtering the content of the conversation before inclusion in the summary.
Audit Metadata