The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local git commands (git remote get-url origin, git rev-parse --show-toplevel) to identify project names and repository details. These operations are limited to metadata extraction for the purpose of organizing handoff documents and do not involve untrusted input.
[DATA_EXPOSURE]: The generated handoff documents capture session metadata including full file system paths and git remote URLs. Users should be aware that these documents are stored locally and may contain sensitive environment details, especially if credentials are embedded in git remote URLs.
[INDIRECT_PROMPT_INJECTION]: The skill processes the conversation context to generate a 'Resume Prompt'.
Ingestion points: Full conversation context is analyzed during the /handoff command execution.
Boundary markers: None used to separate historical context from the summary logic.
Capability inventory: Filesystem write access (mkdir -p and file creation) and local git commands.
Sanitization: No explicit sanitization or escaping of conversation content before interpolation into the markdown template. While this presents a surface for indirect prompt injection, it is a functional requirement for context preservation and carries no significant risk in this local-only implementation.

handoff