handoff
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to save a summary document to the operating system's temporary directory, which involves a file write operation outside the current project workspace. Evidence: "Save to the temporary directory of the user's OS - not the current workspace.".
- [DATA_EXFILTRATION]: The skill directs the agent to store conversation data in a location outside the controlled workspace. This risk is mitigated by an explicit safety instruction. Evidence: "Redact any sensitive information, such as API keys, passwords, or personally identifiable information.".
- [PROMPT_INJECTION]: The skill processes untrusted conversation history to generate output, creating an indirect prompt injection surface.
  - Ingestion points: The entire current conversation history is ingested to produce the summary.
  - Boundary markers: No specific markers are used to isolate conversation content from the system instructions.
  - Capability inventory: The agent's file system writing tools are utilized to create the handoff document.
  - Sanitization: The skill includes a manual mitigation instruction to redact sensitive data before the document is finalized.
Audit Metadata