retro
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes vendor-provided bash scripts from the plugin directory to handle session lifecycle tasks and evidence collection.
- [COMMAND_EXECUTION]: Uses the system ln utility to symlink session logs for organization.
- [EXTERNAL_DOWNLOADS]: Performs web research to enrich retrospectives with external learning resources and to verify expert identities.
- [PROMPT_INJECTION]: Ingests session history and artifact logs to generate summaries and recommendations. While this presents an ingestion point for untrusted data, the skill mitigates risks by employing deterministic gate checks and requiring explicit user approval before modifying core behavioral documentation like AGENTS.md.
Audit Metadata