session-handoff
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious logic, obfuscation, or unauthorized network activity was identified in the skill's instructions or Python scripts.\n- [COMMAND_EXECUTION]: The scripts
create_handoff.pyandcheck_staleness.pyutilizesubprocess.runto execute localgitcommands (e.g.,git log,git branch,git diff). These calls are implemented with static argument lists and do not expose the system to command injection as they do not involve shell evaluation or unsanitized user input.\n- [DATA_EXFILTRATION]: Thevalidate_handoff.pyscript includes a security feature that uses regular expressions to detect potential secrets such as API keys, tokens, and database passwords in handoff documents. This prevents the accidental exposure of sensitive information. No network-based exfiltration mechanisms were found.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads and processes markdown files from the filesystem that could be modified by third parties. \n - Ingestion points:
list_handoffs.py,check_staleness.py, andvalidate_handoff.pyread data from the.cursor/handoffs/directory.\n - Boundary markers: The skill uses structured markdown templates and tables to delimit content, though it lacks explicit instructions for the agent to ignore instructions embedded within the handoff files.\n
- Capability inventory: The skill facilitates file writing and retrieval of repository metadata via
git.\n - Sanitization: Scripts use regex-based parsing to extract metadata and do not execute or evaluate the raw content of the handoff documents.\n- [SAFE]: Filename generation in
create_handoff.pyis sanitized to prevent path traversal by restricting the 'slug' input to alphanumeric characters and hyphens.
Audit Metadata