handoff-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill establishes a protocol where a 'Receiver' agent parses and executes instructions provided in the 'Body' section of a context.md file written by a 'Sender' agent. This design creates a vulnerability to indirect prompt injection.
  - Ingestion points: The Body field within context.md located in agents/<agent-name>/handoff/<task-id>/.
  - Boundary markers: Absent. The protocol does not define delimiters or specific instructions for the agent to distinguish between task metadata and potentially malicious embedded instructions.
  - Capability inventory: The protocol grants agents the ability to read/write files in structured directories and perform arbitrary tasks based on natural language descriptions.
  - Sanitization: Absent. There is no requirement or mechanism mentioned for the receiving agent to sanitize or validate the content of the handoff message before execution.
- [No Code] (SAFE): The skill consists entirely of documentation and structural guidelines for agent interaction. No scripts, executables, or third-party dependencies are included.