handoff
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local filesystem operations to save handoff documents. Specifically, it writes markdown files to the
.claude/handoffs/directory. - [DATA_EXFILTRATION]: The skill aggregates session data, including user context and code changes, for the purpose of local persistence. No network activity or external data transmission was detected.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it stores session content for later consumption by an agent.
- Ingestion points: The skill reads session history, user inputs, and modified source code files (SKILL.md).
- Boundary markers: The output uses standard Markdown headers (e.g., ## Decisions Made) but does not include explicit delimiters or instructions telling the future agent to ignore instructions embedded within the handoff data.
- Capability inventory: The skill possesses file-writing capabilities to the local
.claudedirectory. - Sanitization: There is no evidence of content sanitization or filtering to remove potential instructions from the captured session context.
Audit Metadata