handoff
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by ingesting and processing session data that could contain instructions.
- Ingestion points: Session summaries and observations are fetched from the `memory_sessions` and `memory_recall` MCP tools (or the fallback HTTP API) and presented to the agent in `SKILL.md`.
- Boundary markers: The skill does not use explicit delimiters (such as XML tags or specific markdown blocks) or safety instructions to distinguish retrieved memory content from current instructions.
- Capability inventory: The skill utilizes memory retrieval tools and has network capabilities via HTTP fallback for POSTing and GETing session data.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved content before it is processed by the agent.
Audit Metadata