create-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to bypass AI safety filters or override system prompts.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets or network operations detected. The skill identifies file paths for context but does not transmit contents externally.
- [Indirect Prompt Injection] (INFO): The skill processes project files to generate a summary. While it reads untrusted data from the codebase, its only capability is writing a static Markdown file (HANDOFF.md). It lacks the ability to execute code or make network calls based on the ingested data.
- [COMMAND_EXECUTION] (SAFE): No shell commands or subprocess executions were found in the skill definition.
Audit Metadata