skills/steveclarke/dotfiles/handoff/Gen Agent Trust Hub

handoff

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's instructions in Step 1 and Step 2 explicitly suggest gathering "Test credentials if relevant" and including a "Credentials" section in the CONTINUATION.md file. Storing sensitive authentication data in files tracked by version control is an unsafe practice.
  • [DATA_EXFILTRATION]: In Step 3, the skill executes git push, which uploads the continuation file to a remote repository. If the file contains credentials or other sensitive information as suggested, this results in the exfiltration of that data to the remote host.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands, including git add, git commit, git push, and clipboard utilities like pbcopy (macOS) and xclip (Linux) to manage the handoff process.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the conversation history to generate summaries.
  • Ingestion points: Aggregates state information (tasks, decisions, issues) from the current session context in SKILL.md.
  • Boundary markers: None; there are no delimiters or instructions to ignore embedded commands in the gathered context.
  • Capability inventory: Includes file system writes, git operations, and system clipboard access in SKILL.md.
  • Sanitization: No validation or escaping is performed on the session data before it is interpolated into the generated files and prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 01:42 PM
Security Audit — agent-trust-hub — handoff