retro
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes historical chat context and previous tool results, which constitutes an indirect prompt injection surface where malicious instructions from past logs could influence the agent's analysis or recommendations.
- Ingestion points: The skill ingests 'chat history', 'user instructions', 'tool behavior', and 'repo/task context' as specified in SKILL.md.
- Boundary markers: There are no explicit delimiters or specific 'ignore embedded instructions' warnings in SKILL.md to protect against instructions contained within the analyzed history.
- Capability inventory: The skill is permitted to use 'Bash', 'Read', 'Grep', and 'Glob' tools (defined in SKILL.md) to perform analysis and suggest or create persistent artifacts like scripts or CLI tools.
- Sanitization: No sanitization or input validation logic is present to filter or escape content from the historical logs before it is processed by the agent.
Audit Metadata