create-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to determine session names and navigate directory structures (ls, head, xargs, git rev-parse).
  • [COMMAND_EXECUTION]: The skill executes a project-local Python script (scripts/core/artifact_mark.py) via uv run. This script is used to mark the outcome of the session in a database.
  • [COMMAND_EXECUTION]: User-provided input from the AskUserQuestion tool is interpolated directly into a shell command line (--outcome <USER_CHOICE>). While the instructions constrain the agent to specific options, this pattern creates a surface for indirect prompt injection or command injection if the input is not strictly validated against the expected enum values.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 07:45 AM
Security Audit — agent-trust-hub — create-handoff