retrospective-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Python scripts located in the scripts/ directory to fetch data. It also leverages the GitHub CLI (gh) via subprocess.run to interact with GitHub APIs. These operations are restricted to the purpose of gathering context for retrospectives.
- [EXTERNAL_DOWNLOADS]: Context is retrieved from well-known technology platforms including GitHub, Atlassian Jira, and Mattermost. These downloads are performed using user-provided API tokens and target the official domains of these services to populate local markdown artifacts.
- [PROMPT_INJECTION]: The skill processes data from external sources (such as PR descriptions and chat messages) that could contain instructions from untrusted parties. This creates an indirect prompt injection surface when the agent later parses these files, although the skill includes structured templates and guidelines to mitigate unintentional execution.
Audit Metadata