handoff
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `mktemp` utility to create a temporary file path on the local system for storing the handoff document. This is a standard and benign use of a system command for temporary storage.
- [INDIRECT_PROMPT_INJECTION]: The skill summarizes the current conversation transcript, which creates a potential surface for indirect prompt injection if the conversation contains malicious instructions.
  - Ingestion points: The skill reads the entire current conversation transcript to extract goals, decisions, and state (SKILL.md).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the conversation text are provided.
  - Capability inventory: The skill has the capability to execute shell commands (`mktemp`) and write to the file system via the agent's tools.
  - Sanitization: There is no explicit sanitization or filtering of the conversation content before it is processed into the handoff document.
- [DATA_EXPOSURE]: The skill's instructions suggest capturing environment details, including "secrets," in the handoff document. While this is intended for legitimate context transfer, it involves writing potentially sensitive information to a local temporary file.
Audit Metadata