handoff
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
mktempcommand to create a temporary Markdown file on the local system for storing the generated handoff. This is a standard administrative action for temporary data management. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to ingest and summarize untrusted data from the current conversation and external artifacts.
- Ingestion points: The skill reads the entire conversation history and referenced artifacts such as PRDs, plans, and external URLs.
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the content being summarized.
- Capability inventory: The skill has the ability to read and write to the file system and execute shell commands via the agent's environment.
- Sanitization: The instructions do not specify any validation, filtering, or escaping of the content retrieved from the conversation or external files before it is processed or written to the handoff document.
Audit Metadata