Skills
skills/shuozeli/beu/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (gt mail send and gt handoff) via bash. The template for the email command uses string interpolation for the user-provided message, which presents a surface for shell injection if the input is not correctly escaped by the underlying platform.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by allowing user-supplied text to be passed into a subsequent agent session via an automated handoff email. This could be used to influence the behavior of the new session if the email content is processed as instructions.
  • Ingestion points: The [optional message] parameter provided by the user (SKILL.md).
  • Boundary markers: The message is wrapped in double quotes in the bash command template, but no delimiters or instructions are provided to the agent to treat the content as untrusted data.
  • Capability inventory: The skill uses the Bash tool to interact with gt (Gas Town) session management and mail tools.
  • Sanitization: The skill definition does not specify any sanitization, validation, or escaping logic for the user-provided message.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 11:22 PM