Skills
skills/kwazema/claude-skills/kw-gsd-phase-handoff/Gen Agent Trust Hub

kw-gsd-phase-handoff

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes Markdown files from the local repository (e.g., .planning/STATE.md, {phase}-CONTEXT.md). These files are untrusted data sources that could contain malicious instructions designed to influence the agent's behavior during the handoff process.
  • Ingestion points: SKILL.md identifies several files in the .planning/ directory as data sources.
  • Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore any natural language instructions found within the project files.
  • Capability inventory: While this specific skill is focused on context building, it prepares the state for the gsd-execute-phase tool which likely possesses broader execution capabilities.
  • Sanitization: No sanitization or validation of the ingested Markdown content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 09:17 AM
Security Audit — agent-trust-hub — kw-gsd-phase-handoff