skills/csark0812/toolbox/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the capture and persistence of session context, which creates an attack surface for indirect prompt injection (Category 8).
  • Ingestion points: The skill ingests conversation thread history, PRD documents, plan files, and external issue metadata from sources like Linear or GitHub (as specified in SKILL.md and references/planning/build.md).
  • Boundary markers: The skill utilizes a predefined Markdown template for its output, but it does not employ specific delimiters (like XML tags or unique markers) to isolate untrusted user data from the instructions provided to the next agent.
  • Capability inventory: The skill is capable of writing to the local file system and expects subsequent agents to perform operations such as code validation and investigation (referenced in references/agent-routing.md).
  • Sanitization: The protocol includes a mandatory requirement to redact secrets, tokens, credentials, and PII before writing the handoff file, providing a degree of data protection, though it does not explicitly filter for adversarial instructions.
  • [COMMAND_EXECUTION]: The skill and its associated documentation rely on local shell commands for workspace setup and project validation tasks.
  • Evidence: SKILL.md instructs the agent to use mkdir -p and mktemp to manage ephemeral handoff files in the _agent/handoffs/ directory. Additionally, references/agent-routing.md defines the use of project-specific validation tools like validate:changed --pre-pr as part of the agent's core routing invariants.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 05:20 PM
Security Audit — agent-trust-hub — handoff