handoff
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
mktempsystem utility to generate a temporary file path for saving the handoff document. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (multi-step chains) because it summarizes untrusted conversation history and user arguments into a document intended to guide a subsequent agent session.
- Ingestion points: Conversation history and user-provided arguments in
SKILL.md. - Boundary markers: Absent. The skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded in the summarized conversation.
- Capability inventory: File system writing and shell command execution (
mktemp). - Sanitization: Absent. The skill does not validate or sanitize the conversation content before inclusion in the summary.
Audit Metadata