Skills
skills/vibeeval/vibecosystem/resume-handoff/Gen Agent Trust Hub

resume-handoff

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection. The skill is designed to ingest and act upon the contents of external handoff documents, research files, and plans. This structure allows instructions embedded within those processed files to potentially influence or override the agent's behavior during the synthesis and task-routing phases.
  • Ingestion points: The skill reads files from thoughts/shared/handoffs/, thoughts/shared/plans, and thoughts/shared/research, as well as user-provided paths.
  • Boundary markers: There are no specified delimiters or "ignore previous instructions" headers used when interpolating content from these files into the agent's context or when prompting sub-agents.
  • Capability inventory: The skill uses the Read tool to access file contents, TodoWrite to manage project state, and the Task tool to spawn specialist agents based on the analyzed data.
  • Sanitization: There is no evidence of content validation or sanitization before the external text is used to drive the agent's planning process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 07:46 AM
Security Audit — agent-trust-hub — resume-handoff