handoff
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it summarizes user-controlled conversation history into a document intended for consumption by other agents.
- Ingestion points: The current conversation history is processed to create the summary.
- Boundary markers: Absent. No delimiters are used to separate the summarized content from instructions for the next agent.
- Capability inventory: Uses shell execution (`mktemp`) and file system write operations.
- Sanitization: None. The skill does not filter or sanitize the conversation content before inclusion in the handoff document.
- [COMMAND_EXECUTION]: The skill executes `mktemp` to generate a temporary file path. The specific instruction to "read the file before you write to it" is unusual for a newly created temporary file and could be intended to check for or interact with existing content in the temporary directory.
Audit Metadata