session-transfer
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts create_handoff.py and check_staleness.py invoke Git commands via subprocess.run to extract metadata like branch names and recent commit hashes. These calls use list-based arguments rather than shell strings, which safely prevents command injection vulnerabilities.
- [SAFE]: The skill includes a proactive security measure in validate_handoff.py, which scans content for sensitive patterns like API keys and tokens. This demonstrates a security-conscious design intended to protect user credentials during the session transfer process.
- [SAFE]: Heuristic detections of dynamic code patterns in list_handoffs.py were investigated and found to be benign. The script uses a non-standard import style (__import__('re').compile(...)) to initialize a regular expression from the standard library, posing no risk of arbitrary code execution.
Audit Metadata