session-handoff
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local `git` commands via Python's `subprocess.run` to extract repository metadata such as branch names, commit history, and modified files. These operations are performed using list-style arguments, which is a secure implementation that prevents shell injection vulnerabilities.
- [SAFE]: The skill includes a dedicated security script (`validate_handoff.py`) that uses regular expression patterns to scan generated handoff documents for accidental inclusion of sensitive data, such as API keys, tokens, and passwords, before they are finalized.
- [SAFE]: File system operations are scoped to the local project environment, primarily creating and reading files within a `.claude/handoffs/` directory. Path sanitization and existence checks are performed before processing files.
Audit Metadata