handoff
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `mktemp` system utility to generate a unique temporary file path. This is a standard and safe way to handle temporary file creation.
- [DATA_EXPOSURE]: The skill processes conversation history and references existing project documentation (PRDs, ADRs, plans) to create a summary. This data access is necessary for the skill's primary purpose and does not involve unauthorized exfiltration.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the conversation history. While this presents a surface for indirect prompt injection (Category 8), the skill only summarizes the information into a text document and does not execute the content or use it to drive sensitive tool calls. The mandatory evidence chain is as follows:
- Ingestion points: Current conversation history (referenced in SKILL.md instructions).
- Boundary markers: None explicitly defined in the prompt.
- Capability inventory: File writing via system tools and `mktemp` (SKILL.md).
- Sanitization: None specified for the conversation summary.
Audit Metadata