handoff
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the pbcopy command via a shell pipe (echo "..." | pbcopy) to transfer the generated summary to the macOS clipboard. Using double quotes in the echo command without explicit escaping could lead to unintended command substitution if the generated content contains shell-sensitive characters like backticks or dollar signs.
- [PROMPT_INJECTION]: The skill serves as a vector for indirect prompt injection (Category 8). It aggregates untrusted data from the current conversation to construct a prompt for a future session. If the current session has been influenced by malicious instructions, those instructions could be persisted across session boundaries.
- Ingestion points: Current session history, file paths, and error messages (SKILL.md).
- Boundary markers: None. The skill does not use specific delimiters or instructions to tell the next session's agent to ignore embedded commands in the handoff text.
- Capability inventory: Execution of shell commands via pbcopy (SKILL.md).
- Sanitization: None. There is no evidence of filtering or escaping logic to prevent malicious payload persistence.