Skills
skills/sungjunlee/craftkit/craft-handoff/Gen Agent Trust Hub

craft-handoff

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard git commands (rev-parse, status, diff, log) via Node.js child_process and bash scripts to gather repository state and worktree information.
  • [COMMAND_EXECUTION]: The skill uses system clipboard utilities (pbcopy, wl-copy, xclip, xsel, clip.exe) via a bash wrapper script to allow the agent to copy the generated handoff prompt for the user.
  • [SAFE]: The skill provides instructions and a Node.js script for configuring a Claude Code SessionStart hook. This is a documented platform feature used to automate context loading across sessions, and it requires manual configuration by the user in settings.json.
  • [SAFE]: All operations, including gathering git state, writing markdown artifacts to ~/.craftkit/, and managing handoff files, are performed locally within the user's environment. No network requests or data exfiltration patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 02:09 AM
Security Audit — agent-trust-hub — craft-handoff