takeover
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill reads external data from the
.claude/handovers/directory which is then processed by the agent. - Ingestion points: Handover files in
.claude/handovers/(SKILL.md). - Boundary markers: Absent; no delimiters are used to separate handover content from system instructions.
- Capability inventory: File system access via
GlobandRead(SKILL.md). - Sanitization: Absent; content is read and presented without filtering.
Audit Metadata