handoff

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is a workflow enhancement tool designed for session context management and does not contain any suspicious remote code, external downloads, or exfiltration patterns.
  • [PROMPT_INJECTION]: The skill allows the agent to read and follow instructions from a local 'handoff.md' file, which constitutes a potential surface for indirect prompt injection if the file is modified by a malicious actor.
  • Ingestion points: The agent reads 'handoff.md' or files in the '.handoff/' directory to initialize its session context (SKILL.md).
  • Boundary markers: No explicit delimiter or 'ignore' instructions are provided for the file ingestion.
  • Capability inventory: File system read/write access and the ability to execute general agent tasks.
  • Sanitization: No input validation or sanitization of the handoff file content is performed.
  • Mitigation: The skill includes a manual checkpoint where the agent must summarize the next steps and wait for user confirmation before executing any task from the handoff file.
  • [COMMAND_EXECUTION]: The skill performs standard local filesystem operations, such as creating, reading, and writing markdown documents, to persist state across sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:05 AM
Security Audit — agent-trust-hub — handoff