
code-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to create a 'suggested skills' section for the next agent to invoke. This creates an indirect prompt injection surface where malicious instructions or skill names embedded in the conversation being summarized could be carried over and presented as authoritative recommendations to the next agent session.
  • [COMMAND_EXECUTION]: The instructions require the agent to save the summary to the 'temporary directory of the user's OS' specifically excluding the current workspace. This involves file system operations outside the controlled environment of the project workspace, which can lead to data exposure on multi-user systems where temporary folders are shared.
  • [PROMPT_INJECTION] (detail):
    ◦ Ingestion points: The skill processes the entire current conversation history (SKILL.md).
    ◦ Boundary markers: No boundary markers or 'ignore' instructions are provided to ensure the next agent distinguishes between the handoff summary and potential instructions contained within it.
    ◦ Capability inventory: The skill generates instructions meant to direct the behavior and tool selection of future agent sessions.
    ◦ Sanitization: The skill contains a positive security control by explicitly instructing the agent to 'Redact any sensitive information, such as API keys, passwords, or personally identifiable information'.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 01:52 AM
Security Audit — agent-trust-hub — code-handoff