create-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local shell scripts (~/.claude/scripts/spec_metadata.sh) and Python scripts (artifact_index.py) using the 'uv' runner. These commands are restricted to the local filesystem for indexing session artifacts and do not involve untrusted remote sources.
- [DATA_EXPOSURE] (SAFE): The skill reads session metadata from local git configurations and the '~/.claude' directory to populate handoff files. This access is consistent with its primary purpose and the data is not exfiltrated via network calls.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill reads content from previous handoff files located in 'thoughts/shared/handoffs/'. While this is an ingestion point for untrusted data, the skill only uses this data for metadata generation and local file naming, posing no significant risk of code execution or behavioral override.