handover
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the handover generation process.
- Ingestion points: The skill collects data from the current session's work status, git branch information, user-provided arguments ($ARGUMENTS), and responses to interactive user questions.
- Boundary markers: The generation instructions do not define explicit delimiters or 'ignore' instructions for the content being processed into the handover file.
- Capability inventory: The skill performs file system write operations to the .claude/handovers/ directory.
- Sanitization: There is no evidence of data sanitization, escaping, or validation performed on session context or user input before it is written to the handover document.
Audit Metadata