handoff
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the handoff documentation file.
- Ingestion points: The 'Resume Mode' phase reads the 'docs/HANDOFF.md' file and automatically processes the '## Artifacts' section.
- Boundary markers: The instructions do not define boundary markers or 'ignore' instructions when reading the contents of files listed in the artifacts section.
- Capability inventory: The skill has the capability to read any local text file and run 'git' commands for status and history.
- Sanitization: There is no validation or sanitization of the file paths provided in the '## Artifacts' section, meaning a malicious file could point the agent to sensitive locations like '.env' or SSH configuration files.
Audit Metadata