handoff
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a shell command string (`f=$(mktemp -t handoff) && mv "$f" "$f.md" && echo "$f.md"`) to create and manage temporary files on the host system.
- [PROMPT_INJECTION]: The skill implements a surface for indirect prompt injection by instructing the agent to tailor the output document based on untrusted user arguments without employing boundary markers or sanitization.
  - Ingestion points: User-supplied arguments are processed to determine the focus of the handoff document.
  - Boundary markers: Absent; there are no instructions to ignore malicious directives within the arguments.
  - Capability inventory: The agent has the ability to execute shell commands and write to the file system (SKILL.md).
  - Sanitization: Absent; the user input is interpolated into the generation process directly.
- [DATA_EXFILTRATION]: The skill aggregates conversation history into a local file. While it does not transmit this data over a network, it creates a local exposure of potentially sensitive information within the system's temporary directory.