generate-handoff-document
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function involves processing untrusted user input from chat history or transcripts into structured artifacts and documentation.
- Ingestion points: Untrusted conversation data enters the system through the `CONTEXT_SOURCE` parameter used by the `context-extractor.md` and `insight-documenter.md` subagents.
- Boundary markers: The instructions for subagents do not require the use of boundary markers (such as XML tags) or "ignore instructions" delimiters when interpolating untrusted transcript content into output files.
- Capability inventory: The subagents are empowered to perform file-write operations to create the handoff artifacts and the final document on disk.
- Sanitization: No sanitization or filtering is specified for the content extracted from the transcript, meaning malicious instructions in a processed history could potentially influence the agent's behavior during document assembly.
- [EXTERNAL_DOWNLOADS]: The skill references external URLs in `references/external-resources.md` for background information.
- Sources: The referenced URLs primarily target official documentation from well-known sources like Anthropic and Claude.
- Safety Controls: The agent is explicitly instructed to fetch URLs one at a time and to ignore any instructions from those pages that conflict with the skill's local workflow, treating them strictly as conceptual background.