skills/sones3/matt-skills/handoff/Gen Agent Trust Hub

handoff

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the mktemp utility to generate a temporary file path for the handoff document.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the current conversation history and external artifacts like PRDs, ADRs, and issues.
    • Ingestion points: Conversation history and artifact files (referenced by path or URL) defined in SKILL.md.
    • Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded commands in the source material.
    • Capability inventory: File system read/write operations and shell command execution (mktemp).
    • Sanitization: None; the skill does not validate or escape the content of the summarized conversation or artifacts before writing them to disk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 06:51 PM