create-handoff

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard system utilities (date) and version control commands (git status) to resolve target paths and identify uncommitted changes. These are benign, local operations required for the skill's session-tracking purpose.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from the conversation history and git status output to generate handoff files, presenting a surface for indirect prompt injection.
      • Ingestion points: Conversation context and git status output as specified in SKILL.md.
      • Boundary markers: Absent in the final file generation instruction.
      • Capability inventory: File system write access is restricted to the .turbo/handoff/ directory.
      • Sanitization: File paths are sanitized via robust slug logic that filters for alphanumeric characters and hyphens, effectively preventing path traversal attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:59 PM