Skills
skills/troykelly/claude-skills/worker-handover/Gen Agent Trust Hub

worker-handover

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to perform repository management and testing tasks using git, pnpm, and the gh CLI. These actions are consistent with the skill's stated purpose.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  • Ingestion points: Handover data is retrieved from GitHub issue comments using the gh api command in SKILL.md.
  • Boundary markers: The process relies on <!-- HANDOVER:START --> and <!-- HANDOVER:END --> tags. These markers identify the data but do not prevent the inclusion of malicious instructions within the handover body.
  • Capability inventory: The agent possesses powerful tools, including arbitrary Bash execution and GitHub integration (mcp__github__*), which could be leveraged if the agent inadvertently follows instructions embedded in a comment.
  • Sanitization: There is no evidence of sanitization or validation of the fetched comment content, allowing external, potentially adversarial text to enter the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:11 PM