handoff
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill summarizes untrusted conversation data, creating a surface for indirect prompt injection. Malicious instructions within the history could be carried over into the handoff document or the 'suggested skills' section, potentially influencing the behavior of future agent sessions.
- Ingestion points: Current conversation history processed as the primary input (SKILL.md).
- Boundary markers: No specific delimiters or safety instructions are provided to the agent to isolate the summarized untrusted content from the document's structure.
- Capability inventory: The skill has the capability to write files to the operating system's temporary directory.
- Sanitization: The skill contains instructions to redact sensitive information such as API keys, passwords, and PII, which helps mitigate data exposure but not behavioral injection.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations by saving the handoff document to the OS temporary directory rather than the local workspace. While this is a common administrative function, it involves interacting with system paths outside the project scope.
Audit Metadata