handoff
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs standard text summarization and file writing tasks aimed at session continuity. It follows best practices by instructing the agent to redact credentials.
- [PROMPT_INJECTION]: The skill processes user-provided chat history to generate a handoff file. This constitutes an indirect prompt injection surface where a malicious user could attempt to influence future sessions via the generated file. However, the skill provides specific instructions to mitigate the risk.
  1. Ingestion points: the entire chat history is processed to extract context.
  2. Boundary markers: no explicit delimiters are used to separate ingested content from the output template.
  3. Capability inventory: the skill utilizes the agent's ability to write files to the local workspace or a temporary directory.
  4. Sanitization: the instructions include a mandatory step to redact API keys, passwords, tokens, and personally identifiable information (PII) using [REDACTED] markers.
- [COMMAND_EXECUTION]: The skill suggests using the system utility mktemp to determine a safe path for temporary files if the workspace is unavailable. This is a standard practice for secure file creation and is not considered a security risk in this context.
Audit Metadata