handoff
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
helpers/handoff-db.shis vulnerable to SQL injection. It constructs queries by interpolating values extracted from theHANDOFF.yamlfile directly into thesqlite3command-line utility strings without any sanitization or parameterization. - Evidence: In
helpers/handoff-db.sh, theupsertandstatuscommands use shell variables such as${name},${id}, and${NEW_STATUS}directly inside single-quoted SQL statements:sqlite3 "$DB" "INSERT INTO items (...) VALUES (..., '${name}', ...)". Because the content ofHANDOFF.yamlcan be influenced by commit history, manifest files, or direct user input, an attacker could craft malicious YAML values (e.g., using single quotes to break out of the SQL string) to execute arbitrary SQL commands on the local database. - [COMMAND_EXECUTION]: The skill uses several internal helper scripts (
handoff-detect,handoff-db,handoff-reconcile,generate-ctx-docs) that are executed via theBashtool with arguments derived from the file system and project structure. - Evidence:
SKILL.mdinstructs the agent to run commands likehandoff-reconcile sync --project <project> --handoff <path>. If project identifiers or file paths are manipulated to contain shell metacharacters, it could lead to command injection if the underlying scripts do not handle arguments securely.
Audit Metadata