handoff
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It reads the full conversation history and modified files to generate a
HANDOFF.mdfile. Malicious instructions embedded in the ingested data (e.g., in a file the agent reads or in the conversation history) could be included in the handoff document and subsequently executed or obeyed by another agent reading that document. - Ingestion points: Full conversation history and any files modified or read during the session (SKILL.md).
- Boundary markers: None identified in the prompt templates.
- Capability inventory: File writing to the project root (SKILL.md).
- Sanitization: No sanitization or filtering of the ingested content is specified before it is summarized into the handoff document.
- [NO_CODE]: The skill consists entirely of natural language instructions and markdown documentation. It does not contain any executable scripts, binaries, or code files.
Audit Metadata