handoff
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No attempts to override system prompts or bypass safety filters were detected. The instructions are focused on structured documentation tasks.
- [Data Exposure & Exfiltration] (SAFE): The skill only interacts with a local 'HANDOFF.md' file within the project directory. There are no network calls or attempts to access sensitive system paths (e.g., SSH keys or environment variables).
- [Indirect Prompt Injection] (LOW): A surface for indirect prompt injection exists because the skill reads content from an existing 'HANDOFF.md' file, which could contain malicious instructions.
  - Ingestion points: Reads 'HANDOFF.md' in Step 2.
  - Boundary markers: Absent; the content of the file is read without specific delimiters or instructions to ignore embedded commands.
  - Capability inventory: Limited to reading and writing the 'HANDOFF.md' file; the skill does not have access to the shell, network, or other sensitive tools.
  - Sanitization: None; the skill reads and processes the file content directly.
- [Persistence Mechanisms] (SAFE): While the skill creates a persistent file, it is for documentation purposes and does not attempt to modify startup scripts, crontabs, or system services.