skills/adeonir/agent-skills/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's core functionality of loading session state presents a surface for indirect prompt injection.
  • Ingestion points: Conversation state is read from .artifacts/.handoff.md during the load workflow described in references/load.md.
  • Boundary markers: The skill uses Markdown headers (e.g., ## YYYY-MM-DD) and bold labels (e.g., **Focus:**) to structure the data, but it does not include instructions for the agent to ignore or isolate potential commands embedded within the saved text.
  • Capability inventory: The skill utilizes file system read/write operations (via SKILL.md and referenced files) and updates the agent's working context with external data.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from the handoff file before it is surfaced to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 06:44 PM
Security Audit — agent-trust-hub — handoff