handoff
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill restores context from user-provided files during the resume workflow, which could theoretically contain malicious instructions.
- Ingestion points: SKILL.md (Workflow B, Step 1) reads handoff documents from user-specified file paths.
- Boundary markers: The skill does not define specific delimiters for separating resumed content from the agent's internal instructions.
- Capability inventory: The agent can write files to the local filesystem (Workflow A) and is instructed to offer to invoke other installed skills (Workflow B, Step 4).
- Sanitization: The skill mandates a robust redaction policy in REFERENCE.md for outgoing data, including API keys, tokens, and passwords, which significantly reduces the risk of credential exposure.
Audit Metadata