slicc-handoff
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol and API definitions from
sliccy.ai/llms.txt. This is used to ensure the agent uses the correct data structures for the handoff protocol. - [COMMAND_EXECUTION]: The provided script
scripts/slicc-handoffusesnode:child_processto trigger the system's default browser opener (such asopenon macOS,xdg-openon Linux, orstarton Windows). The script safely encodes user-provided instructions usingencodeURIComponentbefore passing them to the shell, preventing command injection. - [DATA_EXFILTRATION]: The skill transmits task context and instructions to
localhost:5710(a local SLICC instance) and tosliccy.aivia URL parameters. This behavior is the core purpose of the skill—handing off work to the browser agent— and the instructions explicitly warn the user not to include sensitive credentials in the handoff text.
Audit Metadata