Skills
skills/steveclarke/dotfiles/handoff/Gen Agent Trust Hub

handoff

Fail

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions explicitly encourage the agent to gather 'Test credentials' and include them in a 'Credentials' section within the continuation notes. This is a dangerous practice as these credentials are intended to be stored in plain text markdown files.\n- [DATA_EXFILTRATION]: The skill automates a git push operation immediately after creating the continuation file. Because the skill instructs the agent to include credentials and sensitive environment state in this file, the automated push effectively exfiltrates that sensitive data to a remote repository.\n- [COMMAND_EXECUTION]: The skill uses shell commands to manage the handoff process, including git add, git commit, and git push for version control, as well as pbcopy and xclip to modify the user's system clipboard.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it summarizes repository content into a 'resume prompt' for the next session.\n
  • Ingestion points: The agent reads project files, git history, and existing documentation to 'Gather State' (SKILL.md).\n
  • Boundary markers: Absent. The template does not use delimiters or instructions to ignore embedded commands in the processed data.\n
  • Capability inventory: File system writes, shell command execution, git operations (including push), and clipboard access.\n
  • Sanitization: Absent. The agent is instructed to summarize and incorporate findings directly into the generated prompt and file.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 15, 2026, 12:51 PM