handoff
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a workflow enhancement tool designed for session context management and does not contain any suspicious remote code, external downloads, or exfiltration patterns.
- [PROMPT_INJECTION]: The skill allows the agent to read and follow instructions from a local 'handoff.md' file, which constitutes a potential surface for indirect prompt injection if the file is modified by a malicious actor.
- Ingestion points: The agent reads 'handoff.md' or files in the '.handoff/' directory to initialize its session context (SKILL.md).
- Boundary markers: No explicit delimiter or 'ignore' instructions are provided for the file ingestion.
- Capability inventory: File system read/write access and the ability to execute general agent tasks.
- Sanitization: No input validation or sanitization of the handoff file content is performed.
- Mitigation: The skill includes a manual checkpoint where the agent must summarize the next steps and wait for user confirmation before executing any task from the handoff file.
- [COMMAND_EXECUTION]: The skill performs standard local filesystem operations, such as creating, reading, and writing markdown documents, to persist state across sessions.
Audit Metadata