handover
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a persistence vector for potential prompt injections. Malicious instructions provided by a user during the session could be summarized into the HANDOVER.md file and later executed by a subsequent AI agent reading that file.
  - Ingestion points: The skill analyzes the entire conversation history and session context (Workflow Step 1).
  - Boundary markers: The skill lacks delimiters or 'ignore instructions' warnings when interpolating summarized session data into the Markdown template.
  - Capability inventory: The skill has the capability to write files to the project root (Workflow Step 4).
  - Sanitization: No sanitization or validation of the summarized text is specified to prevent instructions from being treated as executable commands by a future agent.