skills/ninehills/skills/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests and summarizes current conversation history, which is untrusted data.
  • Ingestion points: The current conversation history is ingested as the primary data source (SKILL.md).
  • Boundary markers: No boundary markers or delimiters are specified to differentiate conversation data from potential instructions within that data.
  • Capability inventory: The agent has the capability to write the resulting handoff document to the local file system (temporary directory).
  • Sanitization: The skill explicitly instructs the agent to redact credentials and personal information, but it does not provide measures to sanitize the content for malicious instructions that could influence the behavior of the next agent picking up the handoff.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 06:42 AM
Security Audit — agent-trust-hub — handoff