peach-handoff
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill reads and summarizes content from session handoff files (docs/handoff/**/*.md), which is an ingestion point for untrusted or previously recorded data that could contain malicious instructions.\n
- Ingestion points: The Load mode reads markdown files from the docs/handoff/ directory.\n
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the loaded file content as untrusted data or to ignore embedded instructions.\n
- Capability inventory: The skill has access to the Bash, Write, and Read tools, which could be leveraged if the agent inadvertently follows instructions embedded in a handoff file.\n
- Sanitization: The skill does not perform any sanitization, filtering, or validation of the content within the handoff files before processing them for summary and task suggestion.
Audit Metadata