skills/89jobrien/atelier/handoff/Gen Agent Trust Hub

handoff

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script helpers/handoff-db.sh is vulnerable to SQL injection. It constructs queries by interpolating values extracted from the HANDOFF.yaml file directly into the sqlite3 command-line utility strings without any sanitization or parameterization.
  • Evidence: In helpers/handoff-db.sh, the upsert and status commands use shell variables such as ${name}, ${id}, and ${NEW_STATUS} directly inside single-quoted SQL statements: sqlite3 "$DB" "INSERT INTO items (...) VALUES (..., '${name}', ...)". Because the content of HANDOFF.yaml can be influenced by commit history, manifest files, or direct user input, an attacker could craft malicious YAML values (e.g., using single quotes to break out of the SQL string) to execute arbitrary SQL commands on the local database.
  • [COMMAND_EXECUTION]: The skill uses several internal helper scripts (handoff-detect, handoff-db, handoff-reconcile, generate-ctx-docs) that are executed via the Bash tool with arguments derived from the file system and project structure.
  • Evidence: SKILL.md instructs the agent to run commands like handoff-reconcile sync --project <project> --handoff <path>. If project identifiers or file paths are manipulated to contain shell metacharacters, it could lead to command injection if the underlying scripts do not handle arguments securely.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 11:29 AM
Security Audit — agent-trust-hub — handoff