handoff

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command mktemp -t handoff-XXXXXX.md to generate a temporary file path on the local system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted conversation data.
      • Ingestion points: The skill ingests the entire conversation history and user-provided arguments to generate a summary.
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the next agent to ignore embedded instructions within the handoff document.
      • Capability inventory: The skill has the capability to write to the local file system (SKILL.md).
      • Sanitization: Absent. There is no requirement to sanitize or escape the content being summarized, allowing malicious instructions from the current session to be persisted into the handoff document intended for a future agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 03:11 PM