skills/openclaw/agent-skills/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes system clipboard tools such as pbcopy, xclip, or clip.exe to provide the generated prompt to the user. It explicitly recommends the use of temporary files or pipes to avoid shell quoting issues and potential command injection when handling user-provided text.
  • [PROMPT_INJECTION]: As a tool designed to generate instructions for other agents (indirect prompt injection surface), it includes explicit constraints for the receiving agent. It mandates an initial independent review and prohibits unauthorized actions like pushing code or closing PRs without explicit permission.
  • [DATA_EXFILTRATION]: The skill implements a policy to avoid path leakage, instructing the agent to replace absolute or local filesystem paths with portable identifiers like repository names or URLs to maintain environment privacy.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 07:55 PM
Security Audit — agent-trust-hub — handoff