session-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a basic shell command to retrieve the current session ID from the environment variable CLAUDE_CODE_SESSION_ID.
  • [SAFE]: The skill writes session handoff documentation to the local project directory (docs/handoffs/) and utilizes internal platform tools (mem_save, mem_session_summary) for persistence, which aligns with its documented purpose.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted conversation history to generate summaries. Ingestion points: Conversation history used in Steps 2, 3, and 7. Boundary markers: Absent; the skill does not use delimiters to isolate user-provided content from instructions during summarization. Capability inventory: File system write access and execution of memory persistence tools. Sanitization: None performed on the ingested conversation data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 04:32 PM
Security Audit — agent-trust-hub — session-handoff