handover
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands such as 'maw wake' and 'maw hey' by directly interpolating user-provided arguments ('oracle' and 'instruction'). The absence of input sanitization or escaping allows for potential command injection if a user provides input containing shell metacharacters (e.g., semicolons, backticks, or pipes).
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by facilitating the transfer of untrusted user instructions to other agents without proper containment. Ingestion points: User input captured via the and arguments in SKILL.md. Boundary markers: No delimiters or safety instructions are used when writing the handoff file or sending the message via the 'maw' utility. Capability inventory: The skill uses 'mkdir' for filesystem operations and the 'maw' CLI for agent communication and system control. Sanitization: No validation, filtering, or escaping is performed on the user-supplied content before it is processed and executed.
Audit Metadata