handoff
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes the entire conversation history to generate a handoff document, which presents an indirect prompt injection surface.
- Ingestion points: The skill instructions direct the agent to read the full conversation carefully to extract goals, context, and next steps.
- Boundary markers: The instructions do not provide explicit delimiters or "ignore instructions" directives to prevent the agent from acting on malicious commands that might be embedded in the conversation history.
- Capability inventory: The skill utilizes local file writing capabilities to create markdown documents.
- Sanitization: No sanitization or validation of the conversation content is performed during the extraction process.
- [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were detected. The skill's behavior is transparent and its operations are restricted to the local workspace. All file operations are consistent with the documented purpose of creating handoff documentation.
Audit Metadata