handoff
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute mktemp to create a temporary file and write the conversation summary to it. This involves direct shell command invocation to manage file paths.
- [DATA_EXFILTRATION]: Writing conversation summaries to the /tmp directory (as generated by mktemp) can expose sensitive information to other local users on a multi-user system, as these directories are often globally readable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted data from the conversation history.
  - Ingestion points: Conversation history and user-supplied focus description in SKILL.md.
  - Boundary markers: None present; the agent is not instructed to use delimiters or ignore embedded commands within the conversation data being summarized.
  - Capability inventory: File system write access via the summarized content output.
  - Sanitization: No explicit sanitization or validation of the conversation content is performed before it is included in the handoff document.
Audit Metadata