session-handoff
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's functionality is limited to analyzing current conversation history and formatting it into a summary prompt. It does not perform file system writes, network requests, or command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because it processes untrusted user input from the session history.
- Ingestion points: The skill reads the entire current session context to create a summary.
- Boundary markers: While it uses structured markdown headers for the output, it does not explicitly instruct the recipient agent to ignore or delimit potentially malicious instructions within the distilled context.
- Capability inventory: The skill does not utilize any high-risk capabilities such as
eval(), subprocess calls, or network requests. - Sanitization: No explicit sanitization or escaping of the ingested conversation history is performed.
- Note: This vulnerability surface is inherent to the skill's primary purpose of context management and is considered a low risk in this specific implementation.
Audit Metadata