skills/mattpocock/skills/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the mktemp system utility to generate a temporary file path for saving the handoff document.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (multi-step chains) because it summarizes untrusted conversation history and user arguments into a document intended to guide a subsequent agent session.
  • Ingestion points: Conversation history and user-provided arguments in SKILL.md.
  • Boundary markers: Absent. The skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded in the summarized conversation.
  • Capability inventory: File system writing and shell command execution (mktemp).
  • Sanitization: Absent. The skill does not validate or sanitize the conversation content before inclusion in the summary.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:26 PM
Security Audit — agent-trust-hub — handoff