handoff
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute the `mktemp` command to generate a temporary file path. This represents a shell command execution that interacts with the host filesystem.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted conversation history to generate a handoff document without implementing security boundaries.
  - Ingestion points: The entire conversation history is analyzed to create the summary.
  - Boundary markers: No delimiters or instructions are used to separate the system instructions from the potentially malicious content within the conversation.
  - Capability inventory: The skill utilizes shell command execution via `mktemp` and writes the resulting summary to the disk.
  - Sanitization: No sanitization, validation, or escaping is performed on the conversation data before it is written to the output file.
Audit Metadata