skills/itzptk/skills/t3code-handoff/Gen Agent Trust Hub

t3code-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a task management workflow for delegating work to new agent threads. No malicious intent, obfuscation, or unauthorized exfiltration was identified.
  • [DATA_EXPOSURE]: The skill manages server connection parameters including RPC credentials and project IDs. The instructions correctly advise the agent to ask the user for these details if they are missing, rather than using hardcoded secrets or insecure storage.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8). (1) Ingestion points: Data is pulled from the current conversation context and file paths specified in SKILL.md. (2) Boundary markers: The template uses structured Markdown headers (e.g., ## Task, ## Context) to delimit data. (3) Capability inventory: The skill utilizes the t3code-thread tool with arguments like --worktree and interactionMode. (4) Sanitization: The instructions define a strict structural template and specify imperative descriptions to guide the receiving agent's state.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 10:26 AM
Security Audit — agent-trust-hub — t3code-handoff