load-handoff
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill reads and processes untrusted external data from HANDOFF.md and any files it references, using that content to determine its next actions.
- Ingestion points: Reads HANDOFF.md and 'Key Files' listed therein (SKILL.md).
- Boundary markers: Absent. There are no instructions to the agent to treat the file content as data rather than instructions.
- Capability inventory: The skill directs the agent to 'Execute next steps' based on the file content, which gives the data direct control over the agent's tool-use capabilities.
- Sanitization: Absent. No validation is performed on the content of the handoff file before it is adopted as the current task context.
Recommendations
- AI detected serious security threats
Audit Metadata