agent-handoff
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary purpose is to generate a 'Start Prompt' for next-thread agents. This creates a surface for indirect prompt injection: malicious instructions embedded in the goal, decisions, or risk context are persisted into a file and subsequently processed as instructions by another agent.
  - Ingestion points: the workflow defined in `SKILL.md` and the arguments passed to `scripts/create_handoff.py` (goal, title, context).
  - Boundary markers: the generated markdown uses standard headers but lacks explicit delimiters or instructions to ignore embedded commands within user-provided fields.
  - Capability inventory: the skill uses `scripts/create_handoff.py` to write files to the local filesystem.
  - Sanitization: there is no sanitization or escaping of input data before it is written to the markdown handoff packet.
- [COMMAND_EXECUTION]: The script `scripts/create_handoff.py` uses the `pathlib` and `argparse` libraries to create directories and write files based on user-supplied arguments. While this is the intended functionality for saving handoff skeletons, the lack of path validation on the `--output` argument could allow files to be written to unexpected locations within the agent's filesystem permissions.
Audit Metadata